- 300/2024
- Critical
Aruba has released security updates to fix multiple vulnerabilities affecting Aruba Access Points running Instant AOS-8 and AOS 10.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands and gain access to the affected product by sending a specially crafted request via UDP port 8211.
Sample of the addressed vulnerabilities:
HPE Aruba Networking Access Points Command Execution Vulnerability (CVE-2024-42509):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Affected products:
- AOS-10.4.x.x: 10.4.1.4 and below.
- Instant AOS-8.12.x.x: 8.12.0.2 and below.
- Instant AOS-8.10.x.x: 8.10.0.13 and below.
Vulnerabilities
- CVE-2024-42509
- CVE-2024-47460
- CVE-2024-47461
- CVE-2024-47462
- CVE-2024-47463
- CVE-2024-47464
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.