Skip to main content

Aruba Products Multiple Vulnerabilities

Last Update Date: 19 May 2023 Release Date: 11 May 2023 7892 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in Aruba Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and denial of service on the targeted system.

 

[Updated on 2023-05-19] 

Updated System / Technologies affected.


Impact

  • Remote Code Execution
  • Denial of Service
  • Information Disclosure

System / Technologies affected

  • Aruba Access Points running InstantOS and ArubaOS 10

Affected Software Versions

  • ArubaOS 10.3.1.0 and below
  • ArubaOS 10.4.0.0 and below
  • Aruba InstantOS 8.10.0.3 and below
  • Aruba InstantOS 8.10.0.4 and below
  • Aruba InstantOS 8.10.0.5 and below
  • Aruba InstantOS 8.6.0.19 and below
  • Aruba InstantOS 8.6.0.20 and below
  • Aruba InstantOS 8.11.0.0 and below
  • Aruba InstantOS 6.5.4.23 and below
  • Aruba InstantOS 6.5.4.24 and below
  • Aruba InstantOS 6.4.4.8-4.2.4.20 and below
  • Aruba InstantOS 6.4.4.8-4.2.4.21 and below

 

The following ArubaOS and SD-WAN software versions that are End of Life are affected by these vulnerabilities and are not patched by this advisory

  • InstantOS 8.9.x
  • InstantOS 8.8.x
  • InstantOS 8.7.x
  • InstantOS 8.5.x
  • InstantOS 8.4.x
 

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link