HPE Aruba patches critical security flaws across access points
Date:
Fri, 27 Sep 2024 13:13:37 +0000
Description:
Three bugs allowing for remote code execution were addressed, with users advised to patch ASAP.
FULL STORY ======================================================================
HPE has revealed that Aruba Access Points (APs), the company's high-performance Wi-Fi devices, were vulnerable to flaws that could let threat actors execute malicious code remotely.
The company confirmed the news in a security advisory, noting that the APs carried three critical vulnerabilities in the Command Line Interface (CLI) service: CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507. By sending specially crafted packets to UDP port 8211, used by the AP management protocol PAPI, the crooks could elevate their privileges and thus gain the ability to execute arbitrary code.
APs running Instant AOS-8 and AOS-10 are all affected by these flaws. The affected versions include AOS-10.6.x.x: 10.6.0.2 and below, AOS-10.4.x.x: 10.4.1.3 and below, Instant AOS-8.12.x.x: 8.12.0.1 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below.
Patches and workarounds
A patch is already available for download, and given the severity of the flaws in question, HPE (Aruba's parent company) urges users to apply it without hesitation. Those unable to install the patch on Instant AOS-8.x should enable cluster-security, while those with AOS-10 endpoints should block access to port UDP/8211 from all untrusted networks.
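The version ranges and workarounds above can be turned into a quick inventory triage. The following is an added example, not code from HPE or the original article; the hostnames and the sample inventory are constructed, and branches the article does not name are reported as unlisted rather than guessed.

```python
import re

# Highest affected build per branch, exactly as listed in the article.
AFFECTED_MAX = {
    (10, 6): (10, 6, 0, 2),
    (10, 4): (10, 4, 1, 3),
    (8, 12): (8, 12, 0, 1),
    (8, 10): (8, 10, 0, 13),
}

# Workarounds the article gives for devices that cannot be patched yet.
WORKAROUND = {
    8: "enable cluster-security",
    10: "block UDP/8211 from all untrusted networks",
}

def parse_version(text):
    """Return a 4-tuple of ints from strings like '8.10.0.13' or 'AOS-10.4.1.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version_text):
    """Classify one firmware version as affected, not_affected or unlisted."""
    ver = parse_version(version_text)
    ceiling = AFFECTED_MAX.get(ver[:2])
    if ceiling is None:
        # Branch not named in the article: do not guess, consult the advisory.
        return ("unlisted", "check the HPE advisory for this branch")
    # Integer tuples compare numerically, so 8.10.0.9 sorts below 8.10.0.13
    # (a plain string comparison would get this wrong).
    if ver <= ceiling:
        return ("affected", f"patch, or {WORKAROUND[ver[0]]}")
    return ("not_affected", "above the affected range listed for this branch")

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "ap-lobby-01": "8.10.0.13",
    "ap-lab-02": "8.10.0.14",
    "ap-hq-03": "AOS-10.4.1.3",
    "ap-hq-04": "10.6.0.3",
    "ap-store-05": "8.11.2.0",
}

def report(inventory):
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host:12} {status:13} {action}")
```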
Other Aruba products, such as Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways, were confirmed safe. The good news is that there is no evidence of in-the-wild exploits, and no one has yet shared a Proof-of-Concept (PoC).
Aruba Access Points are wireless networking devices designed to provide high-performance, secure, and reliable Wi-Fi coverage in various environments, such as offices, campuses, and public spaces. They are part of Aruba's broader networking solutions, which focus on simplifying network management while ensuring strong connectivity for users and IoT devices.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/hpe-aruba-patches-critical-security-flaws-across-several-access-points
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)