Archive of Security Advisories

Advisories

• "Ripple20" Multiple Vulnerabilities affecting the Treck TCP/ IP stack – 06/23/2020
• ClearPass Policy Manager Multiple Vulnerabilities – 06/02/2020
• ClearPass Policy Manager Multiple Vulnerabilities – 04/14/2020
• WPA and WPA2 Disassociation Vulnerability ("Kr00k") – 02/28/2020
• AirWave Management Platform Multiple Vulnerabilities – 02/25/2020
• Information Disclosure in Web Management Interface for Aruba Intelligent Edge Switches – 02/11/2020
• Aruba Mobility Controller Multiple Remote Code Execution Vulnerabilities – 09/03/2019
• Aruba Impact for CPU Side-Channel Attacks – 06/25/2019
• WPA3 Multiple Vulnerabilities – 04/16/2019
• Aruba Instant Multiple Vulnerabilities – 02/27/2019
• ClearPass Policy Manager Multiple Vulnerabilities – 11/07/2018
• Aruba BLE Radio Firmware Vulnerability – 10/18/2018
• Apache Struts Vulnerability in ClearPass Policy Manager – 08/29/2018
• Linux Kernel Vulnerabilities in ClearPass and AirWave – 08/24/2018
• Return Of Bleichenbacher's Oracle Threat (ROBOT) – 03/29/2018
• ClearPass Policy Manager Multiple Vulnerabilities – 03/21/2018
• Unauthorized Memory Disclosure through CPU Side-Channel Attacks ("Meltdown" and "Spectre") – 01/04/2018
• WPA2 Key Reinstallation Vulnerabilities (CVE-2017-13077) – 10/16/2017
  • Common industry-wide flaws in WPA2 key management may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. The accompanying FAQ document provides more extensive details.
• ArubaOS Multiple Vulnerabilities – 10/11/2017
• Multiple Vulnerabilities in 'dnsmasq' – 10/11/2017
• ClearPass Policy Manager Multiple Vulnerabilities – 09/27/2017
• Apache Struts Multiple Vulnerabilities – 09/11/2017
• HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities – 06/14/2017
• HPE Aruba AirWave Glass, Remote Code Execution – 05/24/2017
• Apache Struts Remote Code Execution Vulnerability – 03/10/2017
• AirWave Management Platform Multiple Vulnerabilities – 01/18/2017
• "Dirty Cow" Linux Kernel Vulnerability (CVE-2016-5195) – 11/04/2016
• ClearPass Policy Manager Multiple Vulnerabilities – 09/21/2016
• ClearPass Policy Manager Multiple Vulnerabilities – 06/01/2016
• ArubaOS Multiple Vulnerabilities – 05/11/2016
• ClearPass Policy Manager Multiple Vulnerabilities – 05/11/2016
• ArubaOS PAPI Vulnerabilities – 05/04/2016
• Aruba Instant Multiple Vulnerabilities – 05/04/2016
• AirWave Management Platform Multiple Vulnerabilities – 05/04/2016
• SAMR and LSA man in the middle attacks ("BADLOCK") – 04/22/2016
• OpenSSL Multiple Vulnerabilities (March 2016) – 03/03/2016
• glibc getaddrinfo() Stack-Based Buffer Overflow – 02/18/2016
• ArubaOS Multiple Vulnerabilities – 11/30/2015
• Network Time Protocol Daemon (NTPD) Multiple Vulnerabilities – 11/30/2015
• ClearPass Policy Manager Multiple Vulnerabilities – 08/20/2015
• OpenSSL Alternative chains certificate forgery – 07/10/2015
• OpenSSL Multiple Vulnerabilities (19 March 2015) – 03/26/2015
• ClearPass Policy Manager Multiple Vulnerabilities – 03/25/2015
• AirWave Multiple Vulnerabilities – 03/18/2015
• Aruba Remote Access Point (RAP) Command Injection – 03/18/2015
• OpenSSL Multiple Vulnerabilities (08 January 2015) – 02/05/2015
• Buffer Overflow in glibc, aka “GHOST” – 02/05/2015
• Aruba Instant (IAP) Wireless DoS Attack – 01/27/2015
• Unauthenticated SQL Injection Vulnerability in ClearPass Policy Manager – 11/19/2014
• Aruba ClearPass Multiple Vulnerabilities (October 2014) – 10/28/2014
• SSL 3.0 “POODLE” Attack – 10/14/2014
• ArubaOS Authentication Bypass Vulnerability – 10/07/2014
• GNU bash Shell Multiple Vulnerabilities – 09/25/2014
• OpenSSL Multiple Vulnerabilities (August 2014) – 08/18/2014
• SQL Injection and Credential Disclosure Vulnerability in Aruba Networks ClearPass Policy Manager – 07/03/2014
• OpenSSL Multiple Vulnerabilities – 06/06/2014
• Apache Struts2 Vulnerability in Aruba Networks ClearPass Policy Manager – 05/14/2014
• Privilege Elevation Vulnerability in ClearPass Policy Manager for Authenticated Network Users – 05/02/2014
• OpenSSL 1.0.1 library (Heartbleed) vulnerability – 04/08/2014
• Apache Struts2 Vulnerability in Aruba Networks ClearPass Policy Manager – 08/01/2013
• Sponsor Confirmation Approval Bypass Vulnerability in Aruba Networks ClearPass Guest product – 05/08/2013
• Multiple Vulnerabilities in OpenSSL – 04/26/2013
• OS Command Injection Vulnerability in Aruba Remote Access Point Diagnostic Web Interface – 03/19/2012
• Cross Site Scripting vulnerability in ArubaOS Administration Web Interface – 03/18/2012
• Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces – 06/07/2011
• Aruba Mobility Controller – multiple advisories: DoS and authentication bypass – 01/31/2011
• TLS Protocol Session Renegotiation Security Vulnerability – 02/08/2010
• Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point – 10/26/2009
• Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication – 04/23/2009
• DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame – 12/08/2008
• Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities – 05/14/2008
• Aruba Mobility Controller User Authentication Vulnerability – 12/22/2007
• Aruba Mobility Controller Management Interface Session Cookie Vulnerability – 09/04/2007
• Aruba Mobility Controller Management Interface Login Pages Cross-Site Scripting – 09/03/2007
• Aruba Mobility Controller Management Interface Buffer Overflow – 02/13/2007
• Aruba Mobility Controller Guest User Privilege Escalation – 02/13/2007
• VPN ISAKMP Message Processing Denial of Service – 11/13/2005
• SSH tunneling allowed through Aruba devices – 06/14/2005
• IPsec configurations may be vulnerable to information disclosure – 05/10/2005
• Risk of multiple Denial of Service attacks using modified ICMP packets – 04/19/2005
• Aruba switches are vulnerable to a PPTP exploit – 02/10/2005
• ISC DHCP contains C includes that define "vsnprintf" to "vsprintf" creating potential buffer overflow conditions – 06/15/2004
• ISC DHCPD contains a stack buffer overflow vulnerability in handling log lines containing ASCII characters only – 06/14/2004
• IEEE 802.11 wireless network protocol DSSS CCA algorithm vulnerable to denial of service – 04/17/2004
• SSH vulnerabilities – 11/18/2003