Aruba Networks has issued fixes for six critical security flaws impacting various Aruba-managed WLAN Gateways and SD-WAN Gateways, as well as Aruba Mobility Conductors and Aruba Mobility Controllers, reports BleepingComputer.
Threat actors with ArubaOS privileges could leverage the command injection vulnerabilities, tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, to facilitate arbitrary code execution. Arbitrary code execution could also be achieved by exploiting the stack-based overflow bugs, tracked as CVE-2023-22751 and CVE-2023-22752. Users of vulnerable systems, including those running ArubaOS 8.6.0.19 and below, ArubaOS 8.10.0.4 and below, ArubaOS 10.3.1.0 and below, and SD-WAN 8.7.0.0-2.3.0.8 and below, have been urged to apply the upgraded software.
Immediate software upgrades have also been recommended for those using ArubaOS and SD-WAN versions that have reached end of life.
Fifteen more high-severity and eight other medium-severity flaws have also been remediated in the updates issued by Aruba Networks, which noted that there has been no active exploitation of any of the fixed bugs.