HPE Aruba Networking fixes critical flaws impacting Access Points

September 26, 2024 at 08:12AM

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points. The flaws, tracked as CVE-2024-42505, CVE-2024-42506 and CVE-2024-42507, carry a CVSS score of 9.8/10 and allow an unauthenticated remote attacker to execute arbitrary code by sending specially crafted packets to the PAPI (Aruba's access point management protocol) port, UDP/8211. Administrators are advised to upgrade to the latest software to mitigate potential attacks.

Key takeaways from the article are as follows:

1. HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, tracked as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507. All three have a CVSS severity score of 9.8/10 and could allow unauthenticated attackers to gain remote code execution.

2. The vulnerabilities affect Aruba Access Points running Instant AOS-8 and AOS 10 and were reported by security researcher Erik De Jong through HPE Aruba Networking’s bug bounty program.

3. Customers are advised to upgrade their devices to the latest software to block potential attacks. Patches are available for download on the HPE Networking Support Portal.

4. A temporary workaround is available for devices running Instant AOS-8.x code: enabling “cluster-security” (via the cluster-security command) prevents the vulnerabilities from being exploited. The cluster-security option does not exist on AOS-10, so for AOS-10 devices the advice is to block access to port UDP/8211 from all untrusted networks until the devices are patched.

5. Other Aruba products, including Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways, are not impacted by the vulnerabilities.

6. No public exploit code is available, and there have been no reports of attacks targeting the three critical vulnerabilities.

7. Earlier this year, HPE Aruba Networking also patched four critical RCE vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.

8. In February, Hewlett Packard Enterprise (HPE) said it was investigating a potential breach after a threat actor posted credentials and other sensitive information allegedly stolen from HPE for sale on a hacking forum. Additionally, their Microsoft Office 365 email environment was breached in May 2023 by hackers believed to be part of the APT29 threat group linked to Russia’s Foreign Intelligence Service (SVR).
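The AOS-10 workaround in item 4 above is a network control rather than a device setting, so it is worth checking that it actually holds. The Python script below is an added example, not HPE Aruba Networking's code: it audits constructed flow records (src dst proto dport) for UDP/8211 traffic that reaches access-point addresses from sources outside an assumed trusted management range, and emits an equivalent nftables drop rule for a Linux firewall in the path to the APs. The addresses, networks, record format and firewall table/chain names are placeholders chosen for illustration.

```python
"""Audit flow records for PAPI (UDP/8211) traffic that reaches Aruba APs
from networks outside the trusted management range. Added example, not HPE
Aruba Networking tooling; the record format, addresses and networks below
are constructed placeholders for illustration."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable

# UDP port used by PAPI, the AP management protocol the advisory's AOS-10
# workaround says to block from untrusted networks.
PAPI_PORT = 8211

# Assumed trusted management networks (placeholder values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.100.0/24")]

# Assumed management addresses of the access points (placeholder values).
AP_ADDRS = {ipaddress.ip_address(a) for a in ("10.0.5.10", "10.0.5.11")}


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst: ipaddress.IPv4Address | ipaddress.IPv6Address
    proto: str
    dport: int


def parse_flow(line: str) -> Flow | None:
    """Parse one constructed record of the form 'src dst proto dport';
    returns None for malformed records so a bad line cannot abort the audit."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return Flow(ipaddress.ip_address(parts[0]),
                    ipaddress.ip_address(parts[1]),
                    parts[2].lower(),
                    int(parts[3]))
    except ValueError:
        return None


def is_trusted(addr) -> bool:
    """True if addr (string or address object) lies inside a trusted network."""
    ip = ipaddress.ip_address(str(addr))
    return any(ip in net for net in TRUSTED_NETS)


def untrusted_papi_flows(lines: Iterable[str]) -> list[Flow]:
    """Return flows that hit an AP on UDP/8211 from an untrusted source.
    Any such flow means the workaround is not enforced in front of that AP."""
    hits = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        if (flow.proto == "udp" and flow.dport == PAPI_PORT
                and flow.dst in AP_ADDRS and not is_trusted(flow.src)):
            hits.append(flow)
    return hits


def nft_block_rule() -> str:
    """nftables rule expressing the same policy for a Linux firewall in the
    path to the APs (assumed deployment; table and chain names are placeholders)."""
    nets = ", ".join(str(n) for n in TRUSTED_NETS)
    aps = ", ".join(str(a) for a in sorted(AP_ADDRS))
    return (f"nft add rule inet filter forward ip daddr {{ {aps} }} "
            f"udp dport {PAPI_PORT} ip saddr != {{ {nets} }} drop")


# Constructed sample records: "src dst proto dport".
SAMPLE_FLOWS = [
    "192.168.100.7 10.0.5.10 udp 8211",  # trusted management host: allowed
    "203.0.113.44 10.0.5.10 udp 8211",   # untrusted source: should be blocked
    "203.0.113.44 10.0.5.11 tcp 443",    # not PAPI: out of scope
    "198.51.100.9 10.0.5.11 udp 8211",   # untrusted source: should be blocked
    "10.0.5.10 10.0.5.11 udp 8211",      # AP to AP inside trusted range: allowed
    "garbled record",                    # malformed: skipped
]

if __name__ == "__main__":
    for f in untrusted_papi_flows(SAMPLE_FLOWS):
        print(f"untrusted PAPI traffic: {f.src} -> {f.dst}:{f.dport}/{f.proto}")
    print(nft_block_rule())
```

The trusted list must include every controller or management host that legitimately speaks PAPI to the APs, otherwise the drop rule breaks management rather than just exploitation attempts. Blocking the port is a stopgap only: it does not remove the flaw from the AP, and the check does nothing for Instant AOS-8 devices, where the cluster-security setting is the advised workaround.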