HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities
Nov 11, 2024
Vulnerability / Risk Mitigation
Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 - AOS-10.4.x.x: 10.4.1.4 and below Instant AOS-8.12.x.x: 8.12.0.2 and below Instant AOS-8.10.x.x: 8.10.0.13 and below The most severe among the six newly patched vulnerabilities are CVE-2024-42509 (CVSS score: 9.8) and CVE-2024-47460 (CVSS score: 9.0), two critical unauthenticated command injection flaws in the CLI Service that could result in the execution of arbitrary code. "Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211)," HPE said in an advisory for both the flaws. "Successful exp...