- 334/2024
- High
Aruba has released security updatesto fix multiple vulnerabilities affecting several Aruba products.
The addressed vulnerabilities could allow the remote attacker to conduct cross-site scripting attacks or denial of service attacks or execute arbitrary commands/codes and gain access to the affected systems.
Sample of the addressed vulnerabilities:
HPE Aruba Networking ClearPass Authenticated Remote Code Execution Vulnerability (CVE-2024-51771):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
The affected products:
- HPE Aruba Networking ClearPass Policy Manager 6.12.x: 6.12.2 and below.
- HPE Aruba Networking ClearPass Policy Manager 6.11.x: 6.11.9 and below.
- HPE Aruba Networking AirWave Management Platform 8.3.0.3 and below.
Vulnerabilities
- CVE-2024-51771
- CVE-2024-51772
- CVE-2022-25844
- CVE-2024-51773
- CVE-2024-53672
- CVE-2024-54008
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.