Tag Archives: HPE

4 RCEs in HPE Aruba Networking devices


All 4 vulnerabilities relate to buffer overflows in various ArubaOS services. ArubaOS is a network operating system for Aruba networking equipment, including switches, access points, and gateways. The company’s main focus is on wireless networks.

All 4 vulnerabilities are exploited by sending requests to the Process Application Programming Interface (PAPI) service on UDP port 8211, with no authentication required. All have a CVSS score of 9.8.

Vulnerable Products:

🔻 Mobility Conductor (formerly Mobility Master)
🔻 Mobility Controllers
🔻 WLAN Gateways and SD-WAN Gateways managed by Aruba Central

Updates are available for minor versions of ArubaOS 8 and 10. Legacy versions of ArubaOS and SD-WAN are also vulnerable.

Now is the time to check if you have anything from HPE Aruba on your network before an exploit appears. 😉


My short review of “IDC Worldwide Security and Vulnerability Management Market Shares 2016”

On February 12, IDC published a new report on the Security and Vulnerability Management market. You can buy it on the official website for $4500. Or you can simply download a free extract from the Qualys website (Thanks, Qualys!). I’ve read it and now I want to share my impressions.


I think it’s better to start reading this report from the end, from the “MARKET DEFINITION” section. First of all, IDC believes that there is a “Security and Vulnerability Management” (SVM) market. It consists of two separate “symbiotic markets”: security management and vulnerability assessment (VA).
