Chancen

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An authenticated sensitive information disclosure issue exists in the CLI service accessed via the PAPI protocol. This allows successful exploitation to result in the ability to read arbitrary files in the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soft AP daemon (affected versions not specified) **Description** The issue concerns multiple unauthenticated Denial-of-Service (DoS) vulnerabilities in the Soft AP daemon, which is accessed via the PAPI protocol. Successful exploitation of these vulnerabilities can interrupt the normal operation of the affected Access Point. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aruba InstantOS/ArubaOS (affected versions not specified) **Description** Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Access Point (affected versions not specified) **Description** An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this issue results in the ability to interrupt the normal operation of the affected Access Point. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Aruba Access Point (affected versions not specified) **Description** The issue is related to buffer overflow vulnerabilities in the underlying CLI service. These vulnerabilities could lead to unauthenticated remote code execution by sending specially crafted packets to the PAPI UDP port (8211). Successful exploitation results in the ability to execute arbitrary code as a privileged user on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aruba Central Communications service (affected versions not specified) **Description** The issue is related to buffer overflow vulnerabilities in the Central Communications service, which could lead to unauthenticated remote code execution. This can be achieved by sending specially crafted packets to the PAPI UDP port (8211). Successful exploitation allows for the execution of arbitrary code as a privileged user on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aruba Access Point versions (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in the SAE service, which could lead to unauthenticated remote code execution. This can be achieved by sending specially crafted packets to the PAPI UDP port (8211). Successful exploitation allows the execution of arbitrary code as a privileged user on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aruba Access Point (affected versions not specified) **Description** The issue concerns an arbitrary file deletion vulnerability in the CLI service accessed by PAPI, which is Aruba's Access Point management protocol. Successful exploitation of this issue results in the ability to delete arbitrary files on the underlying operating system. This could lead to the interruption of normal operation and impact the integrity of the affected Access Point. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aruba Access Point (affected versions not specified) **Description** The issue is related to an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this issue results in the ability to delete arbitrary files on the underlying operating system, potentially interrupting normal operation and impacting the integrity of the affected Access Point. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Radio Frequency Manager service (affected versions not specified) **Description** An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArubaOS (affected versions not specified) **Description** An unauthenticated Denial of Service (DoS) issue exists in the Auth service accessed via the `PAPI` protocol provided by ArubaOS. Successful exploitation of this issue results in the ability to interrupt the normal operation of the controller. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** AP Management service (affected versions not specified) **Description** Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AP Management service (affected versions not specified) **Description** Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AP Management service (affected versions not specified) **Description** The issue concerns Unauthenticated Denial-of-Service (DoS) vulnerabilities in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aruba access points (affected versions not specified) **Description** There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArubaOS versions (affected versions not specified) **Description** The issue is a buffer overflow vulnerability in the Local User Authentication Database service. This vulnerability could lead to unauthenticated remote code execution by sending specially crafted packets to the PAPI UDP port (8211). Successful exploitation results in the ability to execute arbitrary code as a privileged user on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArubaOS versions prior to the fixed version **Description** The issue is related to a buffer overflow vulnerability in the underlying L2/L3 Management service. This vulnerability could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. **Recommendations** As a temporary workaround, consider disabling the `PAPI` protocol or restricting access to the UDP port 8211 until a patch is available. For versions prior to the fixed version, update to the latest version to resolve the issue. Restrict access to the vulnerable L2/L3 Management service to minimize the risk of exploitation.