Search here...
Hacking

4 Important Vulnerabilities Expose HPE Aruba Gadgets to RCE Assaults

admin
admin

Might 03, 2024NewsroomVulnerability / Software program Safety

HPE Aruba Networking (previously Aruba Networks) has launched safety updates to handle important flaws impacting ArubaOS that would lead to distant code execution (RCE) on affected programs.

Of the 10 safety defects, 4 are rated important in severity –

  • CVE-2024-26304 (CVSS rating: 9.8) – Unauthenticated Buffer Overflow Vulnerability within the L2/L3 Administration Service Accessed by way of the PAPI Protocol
  • CVE-2024-26305 (CVSS rating: 9.8) – Unauthenticated Buffer Overflow Vulnerability within the Utility Daemon Accessed by way of the PAPI Protocol
  • CVE-2024-33511 (CVSS rating: 9.8) – Unauthenticated Buffer Overflow Vulnerability within the Automated Reporting Service Accessed by way of the PAPI Protocol
  • CVE-2024-33512 (CVSS rating: 9.8) – Unauthenticated Buffer Overflow Vulnerability within the Native Consumer Authentication Database Accessed by way of the PAPI Protocol

A risk actor might exploit the aforementioned buffer overflow bugs by sending specifically crafted packets destined to the Course of Utility Programming Interface (PAPI) UDP port (8211), thereby gaining the power to execute arbitrary code as a privileged consumer on the underlying working system.

Cybersecurity

The vulnerabilities, which affect Mobility Conductor (previously Mobility Grasp), Mobility Controllers, and WLAN Gateways and SD-WAN Gateways managed by Aruba Central, are current within the following software program variations –

  • ArubaOS 10.5.1.0 and under
  • ArubaOS 10.4.1.0 and under
  • ArubaOS 8.11.2.1 and under, and
  • ArubaOS 8.10.0.10 and under

Additionally they affect the ArubaOS and SD-WAN software program variations which have reached finish of upkeep standing –

  • ArubaOS 10.3.x.x
  • ArubaOS 8.9.x.x
  • ArubaOS 8.8.x.x
  • ArubaOS 8.7.x.x
  • ArubaOS 8.6.x.x
  • ArubaOS 6.5.4.x
  • SD-WAN 8.7.0.0-2.3.0.x, and
  • SD-WAN 8.6.0.4-2.2.x.x

A safety researcher named Chancen has been credited with discovering and reporting seven of the ten points, together with the 4 important buffer overflow vulnerabilities.

Customers are suggested to use the most recent fixes to mitigate potential threats. As short-term workarounds for ArubaOS 8.x, the corporate is recommending that customers allow the Enhanced PAPI Safety characteristic utilizing a non-default key.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we put up.

Recent articles

Cyber Security

Microsoft testing Home windows 11 assist for third-party passkeys

​Microsoft is now testing WebAuthn API...
Read more
Cyber Security

Home windows 11 24H2 replace blocked on PCs with Murderer’s Creed, Star Wars Outlaws

Microsoft is obstructing the Home windows...
Read more
Hacking

Andrew Tate’s College Breach: 1 Million Person Information and Chats Leaked

Andrew Tate’s “The Real World” platform has been breached,...
Read more
Hacking

North Korean Hackers Steal $10M with AI-Pushed Scams and Malware on LinkedIn

Nov 23, 2024Ravie LakshmananSynthetic Intelligence / Cryptocurrency The North Korea-linked...
Read more
Hacking

Google Exposes GLASSBRIDGE: A Professional-China Affect Community of Pretend Information Websites

Nov 23, 2024Ravie LakshmananCloud Security / Risk Intelligence Authorities businesses...
Read more
Previous article
Cybersecurity advisor arrested after allegedly extorting IT agency
Next article
New Information Explains The best way to Eradicate the Threat of Shadow SaaS and Defend Company Information
admin
adminhttps://chinamoney.network

About us

We understand that cybersecurity is a rapidly evolving field, with new threats emerging every day. That’s why we are committed to staying ahead of the curve and providing our readers with the most up-to-date and relevant information available.

Company

Must Read

Subscribe

© 2024 Wanderlust. All Rights Reserved.