1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Aruba says it has patched a number of critical security flaws, so

    From TechnologyDaily@1337:1/100 to All on Thu Mar 2 17:45:03 2023
    Aruba says it has patched a number of critical security flaws, so update now

    Date:
    Thu, 02 Mar 2023 17:20:05 +0000

    Description:
    A number of Aruba products are being patched to keep users safe.

    FULL STORY ======================================================================

    Aruba Networks has released a fix for six critical vulnerabilities found in a number of its products, and is now urging users to apply the patch
    immediately and avoid being targeted by cybercriminals.

    The vulnerabilities all have a severity score of 9.8, giving them the
    critical rating.

    According to the company, these vulnerabilities can be abused to grant malicious third parties elevated privileges and the ability to run arbitrary code, remotely. Patches and versions

    The vulnerabilities that were patched are: CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, CVE-2023-22751 and CVE-2023-22752. They were discovered by cybersecurity researcher Erik de Jong, in these Aruba products: ArubaOS 8.6.0.19 and below, ArubaOS 8.10.0.4 and below, ArubaOS 10.3.1.0 and below, SD-WAN 8.7.0.0-2.3.0.8 and below.

    To make sure they keep their endpoints patched and secured, users should update the products to these versions: ArubaOS 8.10.0.5 and above, ArubaOS 8.11.0.0 and above, ArubaOS 10.3.1.1 and above, and SD-WAN 8.7.0.0-2.3.0.9
    and above.

    Users shold also keep in mind that some of the products reached end-of-life status, and as such will not be getting the updates: ArubaOS 6.5.4.x, ArubaOS 8.7.x.x, ArubaOS 8.8.x.x, ArubaOS 8.9.x.x, and SD-WAN 8.6.0.4-2.2.x.x. Read more

    Severe vulnerabilities expose wireless access points to attack


    Critical vulnerabilities discovered in millions of network switches


    These are the best malware protections at the moment

    Users are advised to use the software that hasnt yet reached end-of-life and receives updates.

    Those that cant apply the patch for whatever reasons can enable Enhanced PAPI Security mode using a non-default key, which was said to be a valid workaround, BleepingComputer reported. However, Arubas latest fix addresses another 15 high-severity and eight medium-severity flaws, so applying the fix is still highly recommended.

    Aruba said theres no evidence of these flaws being abused in the wild at the moment, but users should be on their guard. Here's our list of the best firewalls right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/aruba-says-it-has-patched-a-number-of-critical- security-flaws-so-update-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)