Aruba Access Points Multiple Critical Vulnerabilities (CVE-2024-31466, CVE-2024-31467, CVE-2024-31468, CVE-2024-31469, CVE-2024-31470, CVE-2024-31471, CVE-2024-31472, CVE-2024-31473)

Advisory No: TZCERT/SA/2024/05/17-3

Date of First Release: 17^th May 2024

Source: Hewlett-Packard

Software Affected: Aruba Access Points running InstantOS and ArubaOS 10

Overview:

Aruba Access Points are vulnerable to multiple critical vulnerabilities. The attackers can leverage the vulnerabilities to execute arbitrary code on the affected Access Point.

Description:

Aruba Access Points are affected by multiple vulnerabilities among them are six (6) critical vulnerabilities with a rating score of 9.8. These flaws include buffer overflow and command injection vulnerabilities. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Hewlett-Packard has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

1. https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt