Vulnerability Management, Network Security

Half a dozen HPE Aruba Networking Access Point flaws addressed

Hewlett Packard Enterprise has issued updates to fix six security flaws affecting its Aruba Networking Access Point offerings, including a pair of critical unauthenticated command injection bugs within the CLI Service, tracked as CVE-2024-42509 and CVE-2024-47460, which could be leveraged for arbitrary code execution, according to The Hacker News.

Arctic Wolf researchers have urged immediate patching of the severe vulnerabilities in impacted Aruba Network products, including AOS-10.4.x.x: 10.4.1.4 and below, Instant AOS-8.12.x.x: 8.12.0.2 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below, despite a lack of evidence suggesting active exploitation. "...[T]hreat actors may attempt to reverse-engineer the patches to exploit unpatched systems in the near future," said Arctic Wolf.

HPE has also addressed the high-severity Instant AOS-8 and AOS-10 arbitrary remote command execution flaw, tracked as CVE-2024-47461, a pair of high-severity arbitrary file creation bugs, tracked as CVE-2024-47462 and CVE-2024-47463, and a medium-severity authenticated path traversal issue, tracked as CVE-2024-47464.
