Aruba Networks has released a patch for six critical vulnerabilities found in many of its products and is urging users to apply it immediately to avoid being targeted by cybercriminals.
All vulnerabilities have a severity rating of 9.8, giving them a “critical” rating.
According to the company, these vulnerabilities could be exploited to grant malicious third parties elevated privileges and the ability to run arbitrary code remotely.
Patches and versions
The vulnerabilities that have been patched are CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, CVE-2023-22750, CVE-2023-22751 and CVE-2023-22752. These were discovered by cybersecurity researcher Erik de Jong in the following Aruba products: ArubaOS 184.108.40.206 and below, ArubaOS 220.127.116.11 and below, ArubaOS 10.3.1.0 and above, SD-WAN 18.104.22.168-22.214.171.124 and above.
To make sure they keep their endpoints patched and secured, users should upgrade to the following versions: ArubaOS 126.96.36.199 and later, ArubaOS 188.8.131.52 and later, ArubaOS 10.3.1.1 and later, and SD-WAN 184.108.40.206-220.127.116.11 and later.
Users should also note that some products have reached end-of-life status and as such will not receive updates: ArubaOS 6.5.4.x, ArubaOS 8.7.xx, ArubaOS 8.8.xx, ArubaOS 8.9.xx and SD-WAN 18.104.22.168- 2.2.xx.
Users are advised to use software that has not yet reached its end-of-life and is receiving updates.
Those unable to apply the patch for any reason can enable “Enhanced PAPI Security” mode using a non-default key, which has been deemed a valid workaround, BleepingComputer reported. However, Aruba’s latest patch addresses another 15 high-severity vulnerabilities and eight medium-severity vulnerabilities, so applying the patch is still highly recommended.
Aruba said there is no evidence at this time that these flaws are being abused in the wild, but users should be on their guard.
By: BleepingComputer