HPE Aruba patches critical security flaws across access points

An image of network security icons for a network encircling a digital blue earth.

(Image credit: Shutterstock) (Image credit: Shutterstock)

HPE has revealed Aruba Access Points (APs), the company’s high-performance Wi-Fi devices, could have been vulnerable to a threat granting threat actors the ability to execute malicious code remotely.

The company confirmed the news in a security advisory, noting APs carried three critical vulnerabilities in the Command Line Interface (CLI) service: CVE:2024-42505, CVE-2024-42506, and CVE-2024-42507. By sending specially crafted packets to UDP port 8211 of the AP management protocol, PAPI, the crooks could elevate their privileges and thus gain the ability to execute arbitrary code.

APs running Instant AOS-8 and AOS-10 are all affected by these flaws, which includes AOS-10.6.x.x: 10.6.0.2 and below, AOS-10.4.x.x: 10.4.1.3 and below, Instant AOS-8.12.x.x: 8.12.0.1 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below.

Patches and workarounds

A patch is already available for download, and given the severity of the flaws in question, HPE (Aruba’s parent company) urges users to apply it without hesitation. Those unable to install the patch on Instant AOS-8.x should enable “cluster-security”, while those with AOS-10 endpoints should block access to port UDP/8211 from all untrusted networks.

Other Aruba products, such as Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways, were confirmed safe. The good news is that there is no evidence of in-the-wild exploits, and no one has yet shared a Proof-of-Concept (PoC).

Aruba Access Points are wireless networking devices designed to provide high-performance, secure, and reliable Wi-Fi coverage in various environments, such as offices, campuses, and public spaces. They are part of Aruba's broader networking solutions, which focus on simplifying network management while ensuring strong connectivity for users and IoT devices.

Via BleepingComputer

More from TechRadar Pro

A Google Kubernetes security flaw could let anyone with a Gmail account compromise your business
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.