Aruba Networks has issued fixes for six critical security flaws impacting various Aruba-managed WLAN Gateways and SD-WAN Gateways, as well as Aruba Mobility Conductors and Aruba Mobility Controllers, reports BleepingComputer.
Threat actors with ArubaOS privileges could leverage the command injection vulnerabilities, tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, to facilitate arbitrary code execution. Execution of arbitrary code could also be achieved with the exploitation of the stack-based overflow bugs, tracked as CVE-2023-22751 and CVE-2023-22752. Users of vulnerable systems, including those running on ArubaOS 184.108.40.206 and below, ArubaOS 220.127.116.11 and below, ArubaOS 10.3.1.0 and below, and SD-WAN 18.104.22.168-22.214.171.124 and below have been urged to apply the upgraded software.
Immediate software upgrades have also been recommended for those using ArubaOS and SD-WAN versions that have reached end of life.
Fifteen more high-severity and eight other medium-severity flaws have also been remediated in the updates issued by Aruba Networks, which noted that there has been no active exploitation of any of the fixed bugs.