Aruba Products Multiple Vulnerabilities
Release Date: 20 Nov 2025
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Aruba Products. A remote attacker could exploit these vulnerabilities to trigger denial of service condition, security restriction bypass, sensitive information disclosure, data manipulation and remote code execution on the targeted system.
Impact
- Remote Code Execution
- Data Manipulation
- Information Disclosure
- Security Restriction Bypass
- Denial of Service
System / Technologies affected
HPE Aruba Networking AOS-CX Software Version(s):
- AOS-CX 10.16.xxxx: 10.16.1000 and below
- AOS-CX 10.15.xxxx: 10.15.1020 and below
- AOS-CX 10.14.xxxx: 10.14.1050 and below
- AOS-CX 10.13.xxxx: 10.13.1090 and below
- AOS-CX 10.10.xxxx: 10.10.1160 and below
HPE Aruba Networking 100 Series Cellular Bridge Version(s):
- AOS-10.7.1.x: 10.7.1.1 and below
HPE Aruba Networking Management Software (AirWave):
- 8.3.0.4 and below
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us&docLocale=en_US
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04970en_us&docLocale=en_US
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US
Vulnerability Identifier
- CVE-2024-12084
- CVE-2024-12085
- CVE-2024-12086
- CVE-2024-12087
- CVE-2024-12088
- CVE-2024-12747
- CVE-2025-26466
- CVE-2025-37155
- CVE-2025-37156
- CVE-2025-37157
- CVE-2025-37158
- CVE-2025-37159
- CVE-2025-37160
- CVE-2025-37161
- CVE-2025-37162
- CVE-2025-37163
沒有留言:
發佈留言