cvedb.io
CVE-2022-37897
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-12-12T13:15:12.490 · Last modified 2026-06-17T04:55:39.320

Summary

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Affected products

arubanetworks — sd-wan

Does this affect you?

Add your gear to cvedb and we'll alert you only when arubanetworks ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.