TechRadar
Sead Fadilpašić

HPE Aruba patches critical security flaws across access points


HPE has revealed that Aruba Access Points (APs), the company’s high-performance Wi-Fi devices, could have been vulnerable to flaws granting threat actors the ability to execute malicious code remotely.

The company confirmed the news in a security advisory, noting APs carried three critical vulnerabilities in the Command Line Interface (CLI) service: CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507. By sending specially crafted packets to UDP port 8211, used by the AP management protocol PAPI, the crooks could elevate their privileges and thus gain the ability to execute arbitrary code.

The flaws affect APs running Instant AOS-8 and AOS-10, including AOS-10.6.x.x: 10.6.0.2 and below, AOS-10.4.x.x: 10.4.1.3 and below, Instant AOS-8.12.x.x: 8.12.0.1 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below.

Patches and workarounds

A patch is already available for download, and given the severity of the flaws in question, HPE (Aruba’s parent company) urges users to apply it without hesitation. Those unable to install the patch on Instant AOS-8.x should enable “cluster-security”, while those with AOS-10 endpoints should block access to port UDP/8211 from all untrusted networks.
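For triaging an AP inventory against the version ranges and workarounds listed above, here is an added example (not code from HPE or the article). The inventory names, the status labels and the `_build` suffix handling are assumptions made for illustration; branches the article does not list are reported as such rather than guessed.

```python
import re

# Highest affected release per branch, as listed in the article.
AFFECTED_MAX = {
    (10, 6): (10, 6, 0, 2),
    (10, 4): (10, 4, 1, 3),
    (8, 12): (8, 12, 0, 1),
    (8, 10): (8, 10, 0, 13),
}

# Workarounds the article gives for devices that cannot be patched yet.
WORKAROUND = {
    8: 'enable "cluster-security"',
    10: "block UDP/8211 from all untrusted networks",
}

def parse_version(text):
    """Return the four numeric components, ignoring any trailing build suffix."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(version_text):
    """Return (status, workaround) for one firmware version string."""
    v = parse_version(version_text)
    ceiling = AFFECTED_MAX.get(v[:2])
    if ceiling is None:
        return "branch_not_listed", None  # article gives no data for this branch
    if v <= ceiling:  # integer tuples, so 0.9 sorts below 0.13
        return "affected", WORKAROUND[v[0]]
    return "above_listed_range", None

def triage_inventory(inventory):
    return {name: triage(ver) for name, ver in inventory.items()}

# Constructed sample inventory (hypothetical AP names and versions).
INVENTORY = {
    "ap-lobby": "8.10.0.13",
    "ap-floor2": "8.10.0.14",
    "ap-lab": "10.4.1.3_12345",
    "ap-warehouse": "10.6.0.3",
    "ap-legacy": "8.6.0.20",
}

if __name__ == "__main__":
    for name, (status, action) in triage_inventory(INVENTORY).items():
        print(f"{name:14} {status:20} {action or ''}")
```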

Other Aruba products, such as Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways, were confirmed safe. The good news is that there is no evidence of in-the-wild exploits, and no one has yet shared a Proof-of-Concept (PoC).

Aruba Access Points are wireless networking devices designed to provide high-performance, secure, and reliable Wi-Fi coverage in various environments, such as offices, campuses, and public spaces. They are part of Aruba's broader networking solutions, which focus on simplifying network management while ensuring strong connectivity for users and IoT devices.

Via BleepingComputer
