Vulnerability Management

Critical ArubaOS vulnerabilities addressed

Aruba Networks has issued fixes for six critical security flaws impacting various Aruba-managed WLAN Gateways and SD-WAN Gateways, as well as Aruba Mobility Conductors and Aruba Mobility Controllers, reports BleepingComputer. Threat actors with ArubaOS privileges could leverage the command injection vulnerabilities, tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, to facilitate arbitrary code execution. Execution of arbitrary code could also be achieved with the exploitation of the stack-based overflow bugs, tracked as CVE-2023-22751 and CVE-2023-22752. Users of vulnerable systems, including those running on ArubaOS and below, ArubaOS and below, ArubaOS and below, and SD-WAN and below have been urged to apply the upgraded software. Immediate software upgrades have also been recommended for those using ArubaOS and SD-WAN versions that have reached end of life. Fifteen more high-severity and eight other medium-severity flaws have also been remediated in the updates issued by Aruba Networks, which noted that there has been no active exploitation of any of the fixed bugs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.