HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
The affected versions are:
- ArubaOS 10.5.1.0 and below, 10.4.1.0 and older, 8.11.2.1 and below, and 8.10.0.10 and older.
- All versions of ArubaOS and SD-WAN that have reached EoL. This includes ArubaOS below 10.3, 8.9, 8.8, 8.7, 8.6, 6.5.4, and SD-WAN 2.3.0 through 8.7.0.0 and 2.2 through 8.6.0.4.
To mitigate the flaws, the vendor recommends enabling Enhanced PAPI Security and upgrading to patched versions of ArubaOS. The latest versions also address another six vulnerabilities, all rated "Medium" in severity, which could allow unauthenticated attackers to cause denial of service on vulnerable devices and costly operational disruptions.
At this time, HPE Aruba Networking is not aware of any cases of active exploitation or the existence of proof-of-concept exploits for the mentioned vulnerabilities.