2024

2023

2022

2021

CVE-2021-37732 (v3: 7.2) 12 Oct 2021
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant 8.7.x.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

2020

CVE-2020-5561 (v3: 9.8) 25 Mar 2020
Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

2019

CVE-2019-5315 (v3: 7.2) 13 Sep 2019
A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.

2018

2017

2016

2015

CVE-2015-1388 (v2: 7.2) 24 Mar 2015
The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.