CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2021/03/30 12:0 a.m.•11 views

Aruba Instant Command Injection Vulnerability (CNVD-2021-26047)

9CVSS7.9AI score0.0282EPSS

Positive Technologies•added 2021/03/30 12:0 a.m.•2 views

PT-2021-16434 · Aruba · Aruba Instant

Name of the Vulnerable Software and Affected Versions: Aruba Instant versions 6.4.4.8 through 6.4.4.17 and below Aruba Instant versions 6.5.4.18 and below Aruba Instant versions 8.3.0.14 and below Aruba Instant versions 8.5.0.11 and below Aruba Instant versions 8.6.0.7 and below Aruba Instant...

6.1CVSS6.3AI score0.16443EPSS

Exploits3References8

CNVD•added 2021/03/30 12:0 a.m.•9 views

Aruba Instant Command Injection Vulnerability

Aruba Instant is a cloud-hosted controller-less wireless access point. A command injection vulnerability exists in the DHCP option of Aruba Instant, which can be exploited by an attacker to execute arbitrary commands in the underlying operating system...

10CVSS8AI score0.03295EPSS

CNVD•added 2021/03/30 12:0 a.m.•7 views

Aruba Instant Arbitrary File Modification Vulnerability

Aruba Instant is a cloud-hosted controller-less wireless access point. Aruba Instant suffers from an arbitrary file modification vulnerability that can be exploited by an attacker via a command line interface to overwrite arbitrary files with content under their control...

8.5CVSS6.9AI score0.0091EPSS

BDU FSTEC•added 2021/03/30 12:0 a.m.•1 views

The vulnerability of the Cisco Jabber for Windows software platform lies in insufficient input data validation, which allows attackers to escalate their privileges, access confidential information, intercept secure network traffic, or cause service failures.

The vulnerability of the Cisco Jabber for Windows software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges, access confidential information, intercept secure network traffic, or cause service...

9.9CVSS7.1AI score0.00958EPSS

Exploits0References3Affected Software1

CVE•added 2021/03/29 11:58 p.m.•91 views

CVE-2021-25149

The CVE-2021-25149 vulnerability affects Aruba Instant Access Point (IAP) products across Aruba Instant 6.4.x (≤6.4.4.8-4.2.4.17), 6.5.x (≤6.5.4.16), 8.3.x (≤8.3.0.12), 8.5.x (≤8.5.0.6), and 8.6.x (≤8.6.0.2). It is described as a remote buffer overflow in the PAPI UDP handling that could allow co...

9.8CVSS9.7AI score0.01634EPSS

Cvelist•added 2021/03/29 11:58 p.m.•15 views

CVE-2021-25149

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Insta...

10AI score0.01634EPSS

CVE•added 2021/03/29 11:56 p.m.•77 views

CVE-2021-25148

CVE-2021-25148 affects Aruba Instant IAP devices. A remote arbitrary file modification vulnerability exists in Aruba Instant 6.5.x (≤6.5.4.17), 8.3.x (≤8.3.0.13), 8.5.x (≤8.5.0.10), and 8.6.x (≤8.6.0.4). The underlying issue allows an attacker to overwrite or modify files via remote interfaces (C...

8.5CVSS8.1AI score0.0091EPSS

Cvelist•added 2021/03/29 11:54 p.m.•15 views

CVE-2021-25145

A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.1...

6.6AI score0.00407EPSS

OSV•added 2021/03/29 8:15 p.m.•1 views

CVE-2021-25143

A remote denial of service dos vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that addre...

7.5CVSS5.8AI score0.01309EPSS

OSV•added 2021/03/29 8:15 p.m.•2 views

CVE-2021-25144

8.8CVSS7.5AI score0.02146EPSS

OSV•added 2021/03/29 8:15 p.m.•1 views

CVE-2020-24635

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aru...

7.2CVSS7.3AI score

OSV•added 2021/03/29 8:15 p.m.•3 views

CVE-2020-24636

9.8CVSS6AI score0.03295EPSS

NVD•added 2021/03/29 8:15 p.m.•14 views

CVE-2020-24636

10CVSS0.03295EPSS

NVD•added 2021/03/29 8:15 p.m.•18 views

CVE-2020-24635

9CVSS0.02722EPSS

Prion•added 2021/03/29 8:15 p.m.•16 views

Design/Logic Flaw

9CVSS7.8AI score0.02722EPSS

Exploits0References2Affected Software2

CVE•added 2021/03/29 7:8 p.m.•62 views

CVE-2020-24636

CVE-2020-24636 is a remote command-execution vulnerability affecting Aruba Instant IAPs. The issue exists in Aruba Instant 6.5.x (6.5.4.17 and below), 8.3.x (8.3.0.13 and below), 8.5.x (8.5.0.10 and below), 8.6.x (8.6.0.5 and below), and 8.7.x (8.7.0.0 and below). Siemens/Red Hat and other connec...

10CVSS9.6AI score0.03295EPSS

Cvelist•added 2021/03/29 7:6 p.m.•14 views

CVE-2021-25144

9.2AI score0.02146EPSS

CVE•added 2021/03/29 7:5 p.m.•52 views

CVE-2020-24635

CVE-2020-24635 is a command-injection vulnerability in Aruba Instant IAPs (Aruba Instant CLI/Web UI) that allows remote execution of arbitrary commands with high privileges. Affected versions include Aruba Instant 6.5.x (≤6.5.4.17), 8.3.x (≤8.3.0.13), 8.5.x (≤8.5.0.10), 8.6.x (≤8.6.0.5), and 8.7....

9CVSS7.3AI score0.02722EPSS