- 265/2024
- High
Aruba has released a security update to fix multiple vulnerabilities affecting several versions of HPE Aruba OS.
The addressed vulnerabilities could allow the remote attacker to traverse directories, execute arbitrary code, and gain access to the affected products by sending a specially crafted request.
Sample of the addressed vulnerabilities:
HPE Aruba OS Directory Traversal Vulnerability (CVE-2024-42501):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Affected products:
- HPE Aruba Networking Mobility Conductor (formerly Mobility Master).
- HPE Aruba Networking Mobility Controllers.
- HPE Aruba Networking WLAN Gateways and SD-WAN Gateways managed by Aruba Central.
Vulnerabilities
- CVE-2024-42501
- CVE-2024-42502
- CVE-2024-42503
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.