Tag Archives: Aruba

4 RCEs in HPE Aruba Networking devices

4 RCEs in HPE Aruba Networking devices4 RCEs in HPE Aruba Networking devices4 RCEs in HPE Aruba Networking devices4 RCEs in HPE Aruba Networking devices4 RCEs in HPE Aruba Networking devices

4 RCEs in HPE Aruba Networking devices. All 4 vulnerabilities relate to buffer overflows in various ArubaOS services. ArubaOS is a network operating system for Aruba networking equipment, including switches, access points, and gateways. The company’s main focus is on wireless networks.

All 4 vulnerabilities are exploited via requests to the Process Application Programming Interface (PAPI), UDP port 8211, no authentication required. All have CVSS 9.8.

Vulnerable Products:

🔻 Mobility Conductor (formerly Mobility Master)
🔻 Mobility Controllers
🔻 Aruba Central manages WLAN Gateways and SD-WAN Gateways

Updates are available for minor versions of ArubaOS 8 and 10. Legacy versions of ArubaOS and SD-WAN are also vulnerable.

Now is the time to check if you have anything from HPE Aruba on your network before an exploit appears. 😉

На русском