May 3, 2024 at 01:21AM
HPE Aruba Networking has released critical security updates for ArubaOS to address 10 security flaws, including four rated as severe threats. These vulnerabilities allow remote code execution and affect various software versions, impacting devices managed by Aruba Central. Security researcher Chancen discovered seven of the issues. Users are urged to apply the latest fixes to safeguard their systems.
Key takeaways from the meeting notes:
1. HPE Aruba Networking has released security updates to address critical flaws impacting ArubaOS, which could lead to remote code execution on affected systems.
2. There are 10 security defects, with four being rated as critical in severity, including buffer overflow vulnerabilities accessed via the PAPI Protocol.
3. The vulnerabilities impact various software versions of ArubaOS, as well as SD-WAN Gateways, and versions that have reached end of maintenance status.
4. Security researcher Chancen discovered and reported seven of the 10 issues, including the critical buffer overflow vulnerabilities.
5. Users are advised to apply the latest fixes and enable the Enhanced PAPI Security feature using a non-default key as a temporary workaround for ArubaOS 8.x.
These takeaways highlight the critical security updates released by HPE Aruba Networking and the recommended actions for users to mitigate potential threats.