Aruba Networks released a security advisory to inform customers about 6 critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
The flaws affect Aruba Mobility Conductor, Aruba Mobility Controllers, and Aruba-managed WLAN Gateways and SD-WAN Gateways.
Aruba Networks is a California-based subsidiary of Hewlett Packard Enterprise, specializing in computer networking and wireless connectivity solutions.
The critical flaws addressed by Aruba this time can be separated into two categories: command injection flaws and stack-based buffer overflow problems in the PAPI protocol (Aruba Networks access point management protocol).
All flaws were discovered by security analyst Erik de Jong, who reported them to the vendor via the official bug bounty program.
The command injection vulnerabilities are tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, with a CVSS v3 rating of 9.8 out of 10.
An unauthenticated, remote attacker can leverage them