- 106/2023
- Critical
Aruba has released security updates to fix multiple vulnerabilities in Aruba Networks ArubaOS, and Aruba Networks InstantOS.
The addressed vulnerabilities could allow the remote attacker to overflow a buffer by sending a specially crafted packet to PAPI UDP port, execute arbitrary code, obtain sensitive information, cause a denial of service attack, or gain access to the affected systems.
Sample of the addressed Vulnerabilities:
1. Aruba Networks InstantOS and ArubaOS Buffer Overflow (CVE-2023-22779):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Aruba Networks InstantOS and ArubaOS Denial of Service (CVE-2023-22787):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2023-22779
- CVE-2023-22780
- CVE-2023-22781
- CVE-2023-22782
- CVE-2023-22783
- CVE-2023-22784
- CVE-2023-22785
- CVE-2023-22786
- CVE-2023-22787
- CVE-2023-22788
- CVE-2023-22789
- CVE-2023-22790
- CVE-2023-22791
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.