Aruba says it has patched a number of critical security flaws, so update now
Aruba Networks has released a fix for six critical vulnerabilities in some of its products and is now urging users to apply the patch immediately and avoid being targeted by cybercriminals.
The vulnerabilities all have a severity score of 9.8, giving them a “critical” rating.
According to the company, malicious third parties can exploit these vulnerabilities to gain escalated privileges and execute arbitrary code remotely.
Patches and Versions
The vulnerabilities that have been patched are CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, CVE-2023-22750, CVE-2023-22751 and CVE-2023-22752. They were discovered by cybersecurity researcher Erik de Jong in these Aruba products: ArubaOS 8.6.0.19 and below, ArubaOS 8.10.0.4 and below, ArubaOS 10.3.1.0 and below, and SD-WAN 8.7.0.0-2.3.0.8 and below.
To keep their endpoints patched and secured, users must update the products to these versions: ArubaOS 8.10.0.5 and above, ArubaOS 8.11.0.0 and above, ArubaOS 10.3.1.1 and above, and SD-WAN 8.7.0.0-2.3.0.9 and above.
Users should also note that some products have reached end-of-life status and therefore will not receive the updates: ArubaOS 6.5.4.x, ArubaOS 8.7.xx, ArubaOS 8.8.xx, ArubaOS 8.9.xx and SD-WAN 8.6.0.4-2.2.xx.
Users are advised to run software that has not reached end of life and is still receiving updates.
Those unable to apply the patch for any reason can enable “Enhanced PAPI Security” mode with a non-default key, which BleepingComputer says would be a valid workaround. However, Aruba’s latest update fixes an additional 15 very serious and eight intermediate flaws, so applying the fix is still highly recommended.
Aruba said there is currently no evidence that these flaws are being exploited in the wild, but users should be wary.
Via: BleepingComputer