- 216/2023
- High
Aruba has released security updates to fix several vulnerabilities in HPE Aruba Networking (9000, 9200) Series Mobility Controllers and SD-WAN Gateways.
The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, or bypass security restrictions on the affected product bysending a specially crafted request.
Sample of the addressed vulnerabilities:
1. HPE Aruba Networking Buffer Overflow Vulnerability (CVE-2023-38485):
- CVSS: 8
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. HPE Aruba Networking Products Security Bypass (CVE-2023-38486):
- CVSS: 7.7
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
- CVE-2023-38484
- CVE-2023-38485
- CVE-2023-38486
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.