Aruba Products Multiple Vulnerabilities
Release Date: 11 May 2023
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Aruba Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and denial of service on the targeted system.
Impact
- Remote Code Execution
- Denial of Service
- Information Disclosure
System / Technologies affected
- Aruba Access Points running InstantOS and ArubaOS 10
Affected Software Versions
- ArubaOS 10.3.1.0 and below
- Aruba InstantOS 8.10.0.4 and below
- Aruba InstantOS 8.6.0.19 and below
- Aruba InstantOS 6.5.4.23 and below
- Aruba InstantOS 6.4.4.8-4.2.4.20 and below
The following ArubaOS and SD-WAN software versions that are End of Life are affected by these vulnerabilities and are not patched by this advisory
- InstantOS 8.9.x
- InstantOS 8.8.x
- InstantOS 8.7.x
- InstantOS 8.5.x
- InstantOS 8.4.x
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Vulnerability Identifier
- CVE-2023-22779
- CVE-2023-22780
- CVE-2023-22781
- CVE-2023-22782
- CVE-2023-22783
- CVE-2023-22784
- CVE-2023-22785
- CVE-2023-22786
- CVE-2023-22787
- CVE-2023-22788
- CVE-2023-22789
- CVE-2023-22790
- CVE-2023-22791
沒有留言:
發佈留言