{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "HPE Aruba Networking has released AOS-8 and AOS-10 patches for Mobility Conductors, Controllers and Gateways to address multiple security vulnerabilities.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "HPE Aruba Networking \n   - Mobility Conductors \n   - Mobility Controllers\n   - WLAN and SD-WAN Gateways Managed by HPE Aruba Networking \n     Central\n \nAffected Software Version(s):\n  - AOS-10.7.x.x: 10.7.2.1 and below\n  - AOS-10.4.x.x: 10.4.1.9 and below\n  - AOS-8.13.x.x: 8.13.1.0 and below\n  - AOS-8.10.x.x: 8.10.0.20 and below\n \nThe following software versions that are End of Maintenance (EoM) are affected by these vulnerabilities and are not addressed by this advisory:\n    - AOS-10.6.x.x: all\n    - AOS-10.5.x.x: all\n    - AOS-10.3.x.x: all\n    - AOS-8.12.x.x: all\n    - AOS-8.11.x.x: all\n    - AOS-8.9.x.x: all\n    - AOS-8.8.x.x: all\n    - AOS-8.7.x.x: all\n    - AOS-8.6.x.x: all\n    - AOS-6.5.4.x: all\n    - SD-WAN 8.7.0.0-2.3.0.x: all\n    - SD-WAN 8.6.0.4-2.2.x.x: all",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "Any other HPE Aruba Networking products and software versions not specifically listed above are not affected by these vulnerabilities.",
        "title": "Unaffected Products"
      },
      {
        "category": "other",
        "text": "HPE Aruba Networking is not aware of any public discussion or exploit code targeting these specific vulnerabilities as of the release date of the advisory.",
        "title": "Exploitation and Public Discussion"
      },
      {
        "category": "general",
        "text": "Complete information on reporting security vulnerabilities in HPE Networking products and obtaining assistance with security incidents is available at:\nhttp://www.hpe.com/support/security-response-policy\n \nFor reporting NEW HPE Networking security issues, email can be sent to aruba-sirt@hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: https://www.hpe.com/info/psrt-pgp-key ",
        "title": "Aruba SIRT Security Procedures"
      },
      {
        "category": "legal_disclaimer",
        "text": "(c) Copyright 2026 by Hewlett Packard Enterprise Development LP. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "Email: aruba-sirt(at)hpe.com - For further details please see http://www.hpe.com/support/security-response-policy",
      "issuing_authority": "HPE Aruba Networking's Security Incident Response Team (SIRT) is responsible for receiving, tracking, managing, and disclosing vulnerabilities in HPE Aruba Networking products. The HPE Aruba Networking SIRT actively works with industry, non-profit, government organizations, and the security community when vulnerabilities are reported. A security vulnerability is defined as any weakness in a product that allows an attacker to compromise the confidentiality, integrity, or availability of a product, customer infrastructure, or IT system through an HPE Aruba Networking product in that environment.",
      "name": "HPE Networking",
      "namespace": "http://www.hpe.com/support/security-response-policy"
    },
    "references": [
      {
        "summary": "Original Advisory",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US"
      },
      {
        "summary": "HPE Aruba Networking Security Advisory Archive",
        "url": "https://csaf.arubanetworking.hpe.com/"
      },
      {
        "summary": "HPE Aruba Networking Product Security Incident Response Policy",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us"
      }
    ],
    "title": "Multiple Vulnerabilities in HPE Aruba Networking AOS-8 and AOS-10 for Mobility Conductors, Controllers, and Gateways.",
    "tracking": {
      "current_release_date": "2026-01-27T17:00:00.000Z",
      "generator": {
        "date": "2026-03-04T13:11:56.222Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.44"
        }
      },
      "id": "HPESBNW04987",
      "initial_release_date": "2026-01-13T17:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-01-13T17:00:00.000Z",
          "number": "1",
          "summary": "Initial release"
        },
        {
          "date": "2026-01-27T17:00:00.000Z",
          "number": "2",
          "summary": "Updates to the details blocks of CVE-2025-37178 and CVE-2025-37179 and to the Resolution section of this advisory."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "AOS-10.7.x",
                "product": {
                  "name": "HPE Aruba Networking Operating System (AOS-10)",
                  "product_id": "AOS-10.7.2.2"
                }
              },
              {
                "category": "product_version",
                "name": "AOS-10.4.x",
                "product": {
                  "name": "HPE Aruba Networking Operating System (AOS-10)",
                  "product_id": "AOS-10.4.1.10"
                }
              },
              {
                "category": "product_version",
                "name": "AOS-8.13.x",
                "product": {
                  "name": "HPE Aruba Networking Operating System (AOS-8)",
                  "product_id": "AOS-8.13.1.1"
                }
              },
              {
                "category": "product_version",
                "name": "AOS-8.10.x",
                "product": {
                  "name": "HPE Aruba Networking Operating System (AOS-8)",
                  "product_id": "AOS-8.10.0.21"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/>=10.6.0.0|<=10.7.2.1",
                "product": {
                  "name": "HPE Aruba Networking Operating System (AOS-10)",
                  "product_id": ">=10.6.0.0|<=10.7.2.1"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/>=10.3.0.0|<=10.4.1.9",
                "product": {
                  "name": "HPE Aruba Networking Operating System (AOS-10)",
                  "product_id": ">=10.3.0.0|<=10.4.1.9"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/>=8.12.0.0|<=8.13.1.0",
                "product": {
                  "name": "HPE Aruba Networking Operating System (AOS-8)",
                  "product_id": ">=8.12.0.0|<=8.13.1.0"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/>=8.10.0.0|<=8.10.0.20",
                "product": {
                  "name": "HPE Aruba Networking Operating System (AOS-8)",
                  "product_id": ">=8.10.0.0|<=8.10.0.20"
                }
              }
            ],
            "category": "product_name",
            "name": "ArubaOS (AOS)"
          }
        ],
        "category": "vendor",
        "name": "HPE Aruba Networking"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "n3k"
          ],
          "organization": "Bugcrowd",
          "summary": "These vulnerabilities were discovered by n3k and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37168",
      "notes": [
        {
          "category": "details",
          "text": "An arbitrary file deletion vulnerability has been identified in a system function of mobility conductors running the AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-123",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 8.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Unauthenticated Arbitrary File Deletion Vulnerability in AOS-8 Operating System"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zzcentury from Ubisectech Sirius Team"
          ],
          "organization": "Bugcrowd",
          "summary": "This vulnerability was discovered by zzcentury from Ubisectech Sirius Team and reported through HPE Aruba Networking's bug bounty program. "
        }
      ],
      "cve": "CVE-2025-37169",
      "notes": [
        {
          "category": "details",
          "text": "A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-87",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=10.6.0.0|<=10.7.2.1",
          ">=10.3.0.0|<=10.4.1.9"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "AOS-10.7.2.2",
            "AOS-10.4.1.10"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9"
          ]
        }
      ],
      "title": "Stack Overflow Vulnerability in AOS-10 Web-Based Management Interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zzcentury from Ubisectech Sirius Team"
          ],
          "organization": "Bugcrowd",
          "summary": "This vulnerability was discovered by zzcentury from Ubisectech Sirius Team and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37170",
      "notes": [
        {
          "category": "details",
          "text": "Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running the AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-141",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "AOS-10.7.2.2",
            "AOS-10.4.1.10",
            "AOS-8.13.1.1",
            "AOS-8.10.0.21"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zzcentury from Ubisectech Sirius Team"
          ],
          "organization": "Bugcrowd",
          "summary": "This vulnerability was discovered by zzcentury from Ubisectech Sirius Team and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37171",
      "notes": [
        {
          "category": "details",
          "text": "Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running the AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-139",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "AOS-10.7.2.2",
            "AOS-10.4.1.10",
            "AOS-8.13.1.1",
            "AOS-8.10.0.21"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zzcentury from Ubisectech Sirius Team"
          ],
          "organization": "Bugcrowd",
          "summary": "This vulnerability was discovered by zzcentury from Ubisectech Sirius Team and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37172",
      "notes": [
        {
          "category": "details",
          "text": "Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running the AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-129",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "AOS-10.7.2.2",
            "AOS-10.4.1.10",
            "AOS-8.13.1.1",
            "AOS-8.10.0.21"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "moonv"
          ],
          "organization": "Bugcrowd",
          "summary": "These vulnerabilities were discovered by moonv and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37173",
      "notes": [
        {
          "category": "details",
          "text": "An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-140",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=10.6.0.0|<=10.7.2.1",
          ">=10.3.0.0|<=10.4.1.9",
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "AOS-10.7.2.2",
            "AOS-10.4.1.10",
            "AOS-8.13.1.1",
            "AOS-8.10.0.21"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Improper Input Handling Vulnerability in Authenticated Configuration API Endpoint (AOS-10/AOS-8 Web UI)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zzcentury from Ubisectech Sirius Team"
          ],
          "organization": "Bugcrowd",
          "summary": "These vulnerabilities were discovered by zzcentury from Ubisectech Sirius Team and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37174",
      "notes": [
        {
          "category": "details",
          "text": "An authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary commands as a privileged user on the underlying operating system.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-79",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=10.6.0.0|<=10.7.2.1",
          ">=10.3.0.0|<=10.4.1.9",
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "AOS-10.7.2.2",
            "AOS-10.4.1.10",
            "AOS-8.13.1.1",
            "AOS-8.10.0.21"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Authenticated Arbitrary File Write Vulnerability in AOS 10 and AOS-8 Web-Based Management Interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zzcentury from Ubisectech Sirius Team"
          ],
          "organization": "Bugcrowd",
          "summary": "These vulnerabilities were discovered by zzcentury from Ubisectech Sirius Team and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37175",
      "notes": [
        {
          "category": "details",
          "text": "An arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privileged user and execute arbitrary commands on the underlying operating system.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-75",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=10.6.0.0|<=10.7.2.1",
          ">=10.3.0.0|<=10.4.1.9",
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "AOS-10.7.2.2",
            "AOS-10.4.1.10",
            "AOS-8.13.1.1",
            "AOS-8.10.0.21"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Authenticated Arbitrary File Upload Vulnerability in AOS-10 or AOS-8 Web-Based Management Interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Erik de Jong"
          ],
          "organization": "Bugcrowd",
          "summary": "This vulnerability was discovered by erikdejong and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37176",
      "notes": [
        {
          "category": "details",
          "text": "A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploitation could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-72, VULN-73",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "AOS-10.7.2.2",
            "AOS-10.4.1.10",
            "AOS-8.13.1.1",
            "AOS-8.10.0.21"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Authenticated Command Injection Vulnerability in an AOS-8 operating system's internal workflow"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "LIUPENG"
          ],
          "organization": "Bugcrowd",
          "summary": "These vulnerabilities were discovered by LIUPENG and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37177",
      "notes": [
        {
          "category": "details",
          "text": "An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-104",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ],
        "known_affected": [
          ">=10.6.0.0|<=10.7.2.1",
          ">=10.3.0.0|<=10.4.1.9",
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "Upgrade Mobility Conductors, Controllers, and Gateways to one of the following AOS-10 or AOS-8 versions (as applicable) to resolve the vulnerabilities described in the details section:\n  - AOS-10.7.x.x: 10.7.2.2 and above\n  - AOS-10.4.x.x: 10.4.1.10 and above\n  - AOS-8.13.x.x: 8.13.1.1 and above\n  - AOS-8.10.x.x: 8.10.0.21 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at \nhttps://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE\n\nHPE Aruba Networking does not evaluate or patch AOS-10 GW and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance (EoM) milestone. For more information about HPE Aruba Networking's End of Life policy visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "AOS-10.7.2.2",
            "AOS-10.4.1.10",
            "AOS-8.13.1.1",
            "AOS-8.10.0.21"
          ],
          "url": "https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE"
        },
        {
          "category": "workaround",
          "date": "2026-01-13T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            ">=10.6.0.0|<=10.7.2.1",
            ">=10.3.0.0|<=10.4.1.9",
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Authenticated Arbitrary File Deletion Vulnerability in AOS-10 or AOS-8 Command Line Interface (CLI)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "n3k"
          ],
          "organization": "Bugcrowd",
          "summary": "These vulnerabilities were discovered by n3k and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37178",
      "notes": [
        {
          "category": "details",
          "text": "Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial of service for that process.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-143",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "known_affected": [
          ">=8.12.0.0|<=8.13.1.0",
          ">=8.10.0.0|<=8.10.0.20"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "date": "2026-01-27T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.\n\nNote: Engineering is actively working on a permanent fix for these issues. Until the update is released, we strongly encourage users to apply the provided workaround as a mitigation measure. This advisory will be updated promptly once the fix becomes available.",
          "product_ids": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "m0omo0d"
          ],
          "organization": "Bugcrowd",
          "summary": "These vulnerabilities were discovered by m0omo0d and reported through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37179",
      "notes": [
        {
          "category": "details",
          "text": "Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial of service for that process.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "VULN-88",
          "title": "Internal References"
        }
      ],
      "product_status": {
        "fixed": [
          "AOS-10.7.2.2",
          "AOS-10.4.1.10",
          "AOS-8.13.1.1",
          "AOS-8.10.0.21"
        ]
      },
      "remediations": [
        {
          "category": "workaround",
          "date": "2026-01-27T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.\n\nNote: Engineering is actively working on a permanent fix for these issues. Until the update is released, we strongly encourage users to apply the provided workaround as a mitigation measure. This advisory will be updated promptly once the fix becomes available.",
          "product_ids": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            ">=8.12.0.0|<=8.13.1.0",
            ">=8.10.0.0|<=8.10.0.20"
          ]
        }
      ],
      "title": "Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System"
    }
  ]
}