Aruba Networks has issued fixes for six critical security flaws impacting various Aruba-managed WLAN Gateways and SD-WAN Gateways, as well as Aruba Mobility Conductors and Aruba Mobility Controllers, reports BleepingComputer. Threat actors with ArubaOS privileges could leverage the command injection vulnerabilities, tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, to facilitate arbitrary code execution. Execution of arbitrary code could also be achieved with the exploitation of the stack-based overflow bugs, tracked as CVE-2023-22751 and CVE-2023-22752. Users of vulnerable systems, including those running on ArubaOS and below, ArubaOS and below, ArubaOS and below, and SD-WAN and below have been urged to apply the upgraded software. Immediate software upgrades have also been recommended for those using ArubaOS and SD-WAN versions that have reached end of life. Fifteen more high-severity and eight other medium-severity flaws have also been remediated in the updates issued by Aruba Networks, which noted that there has been no active exploitation of any of the fixed bugs.