Aruba Networks has issued fixes for six critical security flaws impacting various Aruba-managed WLAN Gateways and SD-WAN Gateways, as well as Aruba Mobility Conductors and Aruba Mobility Controllers, reports BleepingComputer.
Threat actors with ArubaOS privileges could leverage the command injection vulnerabilities, tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, to facilitate arbitrary code execution. Execution of arbitrary code could also be achieved with the exploitation of the stack-based overflow bugs, tracked as CVE-2023-22751 and CVE-2023-22752. Users of vulnerable systems, including those running on ArubaOS 8.6.0.19 and below, ArubaOS 8.10.0.4 and below, ArubaOS 10.3.1.0 and below, and SD-WAN 8.7.0.0-2.3.0.8 and below have been urged to apply the upgraded software.
Immediate software upgrades have also been recommended for those using ArubaOS and SD-WAN versions that have reached end of life.
Fifteen more high-severity and eight other medium-severity flaws have also been remediated in the updates issued by Aruba Networks, which noted that there has been no active exploitation of any of the fixed bugs.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news