Aruba Networks fixes six critical vulnerabilities in ArubaOS

Home/cyberattack, Exploitation, Internet Security, malicious cyber actors, Security Advisory, Security Update, vulnerability/Aruba Networks fixes six critical vulnerabilities in ArubaOS

Aruba Networks fixes six critical vulnerabilities in ArubaOS

Aruba Networks has issued a security advisory addressing six critical vulnerabilities that exist in various versions of its proprietary operating system – ArubaOS.

Aruba Networks, formerly known as Aruba Wireless Networks, is a Santa Clara, California-based wireless networking subsidiary of Hewlett Packard Enterprise company.

critical flaw in ArubaOS

The critical flaws facing Aruba this time around can be divided into two categories: command injection flaws and stack-based buffer overflow issues in the Aruba Networks access point management protocol (PAPI).

Security analyst Erik de Jong discovered all the flaws and notified the vendor through the official bug bounty program.

The command injection vulnerabilities are tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, with a CVSS v3 score of 9,8 out of 10.An unauthenticated, remote attacker can exploit them by sending specially crafted packets to PAPI over UDP port 8211, resulting in arbitrary code execution as a privileged user on ArubaOS.

Affected Versions

  • ArubaOS and below
  • ArubaOS and below
  • ArubaOS and below
  • SD-WAN and below

Unfortunately, some end-of-life product versions (Eol) have been affected by these security issues and they will not receive any correction. Specifically:

  • ArubaOS 6.5.4.x
  • ArubaOS 8.7.xx
  • ArubaOS 8.8.xx
  • ArubaOS 8.9.xx
  • SD-WAN

System administrators who cannot deploy the necessary security updates or use EoL devices can bypass this problem by enabling the “Enhanced PAPI Security” feature with non-default key.

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!