4 RCEs in HPE Aruba Networking devices. All 4 vulnerabilities relate to buffer overflows in various ArubaOS services. ArubaOS is a network operating system for Aruba networking equipment, including switches, access points, and gateways. The company’s main focus is on wireless networks.
All 4 vulnerabilities are exploited via requests to the Process Application Programming Interface (PAPI), UDP port 8211, no authentication required. All have CVSS 9.8.
Vulnerable Products:
🔻 Mobility Conductor (formerly Mobility Master)
🔻 Mobility Controllers
🔻 Aruba Central manages WLAN Gateways and SD-WAN Gateways
Updates are available for minor versions of ArubaOS 8 and 10. Legacy versions of ArubaOS and SD-WAN are also vulnerable.
Now is the time to check if you have anything from HPE Aruba on your network before an exploit appears. 😉
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.