HPE reveals critical security bug affecting networking access points

A person at a laptop with a cybersecure lock symbol floating above it.

(Image credit: Shutterstock / laymanzoom)

HPE releases patch for six serious security vulnerabilities
The bugs affected multiple products, and could be used in destructive cyberattacks
Patching is advised, but workarounds are available

Two critical security bugs were found plaguing Hewlett Packard Enterprise (HPE) endpoints, the company has confirmed, as it released a patch and follow-up security advisory.

As per the bulletin, multiple Aruba Networking Access Points (AP), powered by thee Instant AOS-8 and AOS-10 operating systems, were vulnerable to a total of six flaws, which allowed crooks to mount authenticated remote command execution attacks, create arbitrary files, perform unauthenticated command injection, and more.

Of the six, two were particularly dangerous: CVE-2024-42509, and CVE-2024-47460. These were assigned severity scores 9.8 and 9.0, and could have been abused by sending specially crafted packets to Aruba’s Access Point management protocol (PAPI).

End of life

The remaining four vulnerabilities are tracked as CVE-2024-47461, CVE-2024-47462, CVE-2024-47463, and CVE-2024-47464.

All of them plague AOS-10.4.x.x: 10.4.1.4 and older releases, Instant AOS-8.12.x.x: 8.12.0.2 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and older versions.

If your product is older, and isn’t among the ones listed here, then it’s likely reached its end-of-life status and as such will not be patched. In such cases, HPE advises users to replace the instance with a newer model that is still supported.

Those who are still under HPE’s support should update their access points to these versions:

AOS-10.7.x.x: Update to version 10.7.0.0 and later.
AOS-10.4.x.x: Update to version 10.4.1.5 or later.
Instant AOS-8.12.x.x: Update to version 8.12.0.3 or newer.
Instant AOS-8.10.x.x: Update to version 8.10.0.14 or above

There are also workarounds for those who cannot install the patch immediately, which include blocking access to UDP port 8211 from all untrusted networks, restricting access to the CLI and web-based management interfaces, and controlling access with firewall policies at layer 3 and higher.

At press time, there was no evidence of in-the-wild abuse.

Via BleepingComputer

Major Palo Alto security flaw is being exploited via Python zero-day backdoor
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.