Design/Logic Flaw

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

Cross site scripting

A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute...

Path traversal

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect...

Design/Logic Flaw

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

Aruba Networks EdgeConnect 跨站脚本漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect that stems from a flaw in the web-based management interface that could allow a remote attacker to conduct a Reflective Cross-Site Scripti...

Aruba Networks EdgeConnect 安全漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. Aruba Networks EdgeConnect is affected by a security vulnerability that can be exploited by an attacker to create a denial-of-service condition via the web-based management interface that prevents a...

CVE-2022-44532

CVE-2022-44532 describes an authenticated path traversal in the Aruba EdgeConnect Enterprise CLI that allows reading arbitrary files on the underlying OS. Affected software (ECOS) includes versions ECOS 9.2.1.0 and below; 9.1.3.0 and below; 9.0.7.0 and below; 8.3.7.1 and below. The vulnerability ...

CVE-2022-44532

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect...

CVE-2022-43542

Aruba EdgeConnect Enterprise Software (ECOS) is affected by CVE-2022-43542 via its command line interface. The vulnerability allows remote authenticated users to execute arbitrary commands on the underlying host with root privileges, potentially leading to full system compromise. Affected version...

CVE-2022-43518

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise...

CVE-2022-43518

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise...

CVE-2022-37926

CVE-2022-37926 affects Aruba EdgeConnect Enterprise Software via stored XSS in the web-based management interface. A remote attacker can upload a crafted file to trigger script execution in a victim’s browser within the affected interface. Affected versions are ECOS 9.2.1.0 and below; ECOS 9.1.3....

CVE-2022-37925

CVE-2022-37925 is an XSS vulnerability in Aruba EdgeConnect Enterprise web-based management interface. The issue affects Aruba EdgeConnect Enterprise software versions ECOS 9.2.1.0 and below, ECOS 9.1.3.0 and below, ECOS 9.0.7.0 and below, and ECOS 8.3.7.1 and below. The root cause is a reflected...

CVE-2022-37924

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

CVE-2022-37922

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

CVE-2022-37921

Aruba EdgeConnect Enterprise Software is affected by CVE-2022-37921. The vulnerability stems from the Aruba EdgeConnect Enterprise command line interface, allowing remote authenticated users to execute arbitrary commands on the underlying host with root privileges, potentially leading to full sys...

CVE-2022-37921

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

CVE-2022-37919

The CVE describes an unauthenticated denial-of-service in Aruba EdgeConnect Enterprise API accessible via the web-based management interface. Affected Software: Aruba EdgeConnect Enterprise (ECOS) 9.2.1.0 and below, 9.1.3.0 and below, 9.0.7.0 and below, and 8.3.7.1 and below. Root cause: API/QoS ...

Realtek eCos Stack Buffer Overflow (CVE-2022-27255)

A stack-based buffer overflow exists in Realtek eCos. Successful exploitation could lead to arbitrary code execution...

Exploit for Improper Input Validation in Realtek Ecos_Rsdk_Firmware

CVE-2022-27255-checker Simple checker for CVE-2022...