Critical Vulnerabilities in Aruba Access Points: What You Need to Know!

HPE has issued an urgent patch this week for critical vulnerabilities discovered in its Aruba Networking access points. These flaws, which could potentially allow unauthenticated remote command injection, are of particular concern to organizations using Instant AOS-8 and Instant AOS-10 software versions.

The vulnerabilities tracked as CVE-2024–42509 (CVSS score of 9.8) and CVE-2024–47460 (CVSS score of 9.0), are serious, as they could lead to remote code execution (RCE), which may allow attackers to execute arbitrary code as a privileged user on the underlying operating system.

Here’s what you need to know:

CVE-2024–42509 and CVE-2024–47460 allow unauthenticated attackers to exploit the Aruba access point’s underlying CLI service via UDP port 8211, potentially compromising the system.The affected devices are running the Instant AOS-8 and Instant AOS-10 software versions, as well as legacy versions that have reached End of Life (EoL).The vulnerabilities could lead to arbitrary code execution, enabling attackers to take full control of the system.CVE-2024–47461: Allows an authenticated attacker to execute arbitrary commands as a privileged user, fully compromising the host operating system.CVE-2024–47462 and CVE-2024–47463: Authenticated attackers could create arbitrary files, leading to remote command execution.For Instant AOS-8 devices: Enabling cluster security through the cluster-security command will prevent these vulnerabilities from being exploited.For Instant AOS-10 devices: Block UDP port 8211 from untrusted networks.Use firewall policies and restrict CLI/web-based management interfaces to a dedicated Layer 2 segment or VLAN.

🚨 Stay Ahead of Cyber Threats: Protect Your Network Today!

In light of these severe vulnerabilities, Wire Tor is offering 50% off Penetration Testing services this Black Friday & Cyber Monday! Ensure your systems are secure from potential RCE vulnerabilities and command injection flaws before attackers can exploit them.

Contact Wire Tor now for expert penetration testing and take advantage of our limited-time offer! 💥