Security Advisories | Aruba

Advisories

Information Disclosure in Web Management Interface for Aruba Intelligent Edge Switches – 02/11/2020
Aruba Mobility Controller Multiple Remote Code Execution Vulnerabilities – 09/03/2019
Aruba Impact for CPU Side-Channel Attacks – 06/25/2019
WPA3 Multiple Vulnerabilities – 04/16/2019
Aruba Instant Multiple Vulnerabilities – 02/27/2019
ClearPass Policy Manager Multiple Vulnerabilities – 11/07/2018
Aruba BLE Radio Firmware Vulnerability – 10/18/2018
Apache Struts Vulnerability in ClearPass Policy Manager – 08/24/2018
Linux Kernel Vulnerabilities in ClearPass and AirWave – 08/24/2018
Return Of Bleichenbacher's Oracle Threat (ROBOT) – 03/28/2018
ClearPass Policy Manager Multiple Vulnerabilities – 03/21/2018
Unauthorized Memory Disclosure through CPU Side-Channel Attacks ("Meltdown" and "Spectre") – 01/04/2018
WPA2 Key Reinstallation Vulnerabilities (CVE-2017-13077) – 10/16/2017
- Read the FAQ
ArubaOS Multiple Vulnerabilities – 10/11/2017
Multiple Vulnerabilities in 'dnsmasq' – 10/11/2017
ClearPass Policy Manager Multiple Vulnerabilities – 09/27/2017
Apache Struts Multiple Vulnerabilities – 09/11/2017
HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities – 06/14/2017
Aruba AirWave Glass, Remote Code Execution – 05/24/2017
Aruba ClearPass Policy Manager, Multiple Vulnerabilities – 05/24/2017
Apache Struts Remote Code Execution Vulnerability – 03/10/2017
AirWave Management Platform Multiple Vulnerabilities – 01/18/2017
"Dirty Cow" Linux Kernel Vulnerability (CVE-2016-5195) – 11/04/2016
ClearPass Policy Manager Multiple Vulnerabilities – 09/21/2016
ClearPass Policy Manager Multiple Vulnerabilities – 06/01/2016
ArubaOS Multiple Vulnerabilities – 05/11/2016
ClearPass Policy Manager Multiple Vulnerabilities – 05/11/2016
ArubaOS PAPI Vulnerabilities – 05/04/2016
Aruba Instant Multiple Vulnerabilities – 05/04/2016
AirWave Management Platform Multiple Vulnerabilities – 05/04/2016
SAMR and LSA man in the middle attacks ("BADLOCK") – 04/22/2016
OpenSSL Multiple Vulnerabilities (March 2016) – 03/03/2016
glibc getaddrinfo() Stack-Based Buffer Overflow – 02/18/2016
ArubaOS Multiple Vulnerabilities – 11/30/2015
Network Time Protocol Daemon (NTPD) Multiple Vulnerabilities – 11/30/2015
ClearPass Policy Manager Multiple Vulnerabilities – 08/20/2015
OpenSSL Alternative chains certificate forgery – 07/10/2015
OpenSSL Multiple Vulnerabilities (19 March 2015) – 03/26/2015
ClearPass Policy Manager Multiple Vulnerabilities – 03/25/2015
AirWave Multiple Vulnerabilities – 03/18/2015
Aruba Remote Access Point (RAP) Command Injection – 03/18/2015
OpenSSL Multiple Vulnerabilities (08 January 2015) – 02/05/2015
Buffer Overflow in glibc, aka “GHOST” – 02/05/2015
Aruba Instant (IAP) Wireless DoS Attack – 01/27/2015
Airwave Privilege Escalation and CPPM SQL Injection (CVE-2014-8367, CVE-2014-8368) – 11/19/2014
Aruba ClearPass Multiple Vulnerabilities (October 2014) – 10/28/2014
SSL 3.0 “POODLE” Attack – 10/14/2014
ArubaOS Authentication Bypass Vulnerability – 10/07/2014
GNU bash Shell Multiple Vulnerabilities – 09/25/2014
OpenSSL Multiple Vulnerabilities (August 2014) – 08/18/2014
SQL Injection and Credential Disclosure Vulnerability in Aruba Networks ClearPass Policy Manager – 07/03/2014
OpenSSL Multiple Vulnerabilities (CVE-2014-0224) – 06/06/2014
Apache Struts2 Vulnerabilities (CVE-2014-0050, CVE-2014-0094, CVE-2014-0112, CVE-2014-0113) in ClearPass Policy Manager – 05/14/2014
Privilege Elevation Vulnerabilities (CVE-2014-2071, CVE-2014-2101) in ClearPass Policy Manager – 05/02/2014
OpenSSL 1.0.1 library (Heartbleed) vulnerability (CVE-2014-0160) – 04/08/2014
Apache Struts2 Vulnerability in Aruba Networks ClearPass Policy Manager (CVE-2013-2248, CVE-2013-2251) – 08/01/2013
Sponsor Confirmation Approval Bypass Vulnerability in Aruba Networks ClearPass Guest product – 05/08/2013
Multiple Vulnerabilities in OpenSSL (CVE-2013-0169, CVE-2013-0166) – 04/26/2013
Multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS User Authentication Bypass Vulnerability. – 03/19/2012
Cross Site Scripting vulnerability in ArubaOS Administration WebUI – 03/18/2012
Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces – 06/07/2011
Aruba Mobility Controller – multiple advisories: DoS and authentication bypass – 01/31/2011
TLS Protocol Session Renegotiation Security Vulnerability – 02/08/2010
Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point – 10/26/2009
Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication – 04/23/2009
DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame – 12/08/2008
Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities – 05/14/2008
Aruba Mobility Controller User Authentication Vulnerability – 12/22/2007
Aruba Mobility Controller Management Interface Session Cookie Vulnerability – 09/04/2007
Aruba Mobility Controller Management Interface Login Pages Cross-Site Scripting – 09/03/2007
Mobility Controller Management Interface Buffer Overflow – 02/13/2007
Aruba Mobility Controller Guest User Privilege Escalation – 02/13/2007
VPN ISAKMP Message Processing Denial of Service – 11/13/2005
SSH Tunneling (Port Forwarding) Through the Aruba Devices is Allowed – 06/14/2005
IPsec Configurations May Be Vulnerable to Information Disclosure – 05/10/2005
Risk of Multiple Denial of Service Attacks Using Modified ICMP Packets – 04/19/2005
Aruba Switches are Vulnerable to a PPTP Exploit – 02/10/2005
ISC DHCP Contains C Includes That Define “vsnprintf” to “vsprintf” Creating Potential Buffer Overflow Conditions – 06/15/2004
ISC DHCPD Contains a Stack Buffer Overflow Vulnerability in Handling Log Lines Containing ASCII Characters Only – 06/14/2004
IEEE 802.11 Wireless Network Protocol DSSS CCA Algorithm Vulnerable to Denial of service – 04/17/2004
SSH Vulnerabilities – 11/18/2003