- HPE releases patch for six high-severity security vulnerabilities
- The bugs affected multiple products, and could be used in destructive cyberattacks
- Patching is advised, but workarounds are available
Two critical security bugs were found plaguing Hewlett Packard Enterprise (HPE) endpoints, the company has confirmed, as it released a patch and follow-up security advisory.
As per the bulletin, multiple Aruba Networking Access Points (AP), powered by the Instant AOS-8 and AOS-10 operating systems, were vulnerable to a total of six flaws, which allowed crooks to mount authenticated remote command execution attacks, create arbitrary files, execute unauthenticated command injection, and more.
Of the six, two were particularly dangerous: CVE-2024-42509 and CVE-2024-47460. These were assigned severity scores 9.8 and 9.0, and could have been abused by sending specially crafted packets to Aruba’s Access Point management protocol (PAPI).
End of life
The remaining four vulnerabilities are tracked as CVE-2024-47461, CVE-2024-47462, CVE-2024-47463, and CVE-2024-47464.
All of them plague AOS-10.4.x.x: 10.4.1.4 and older releases, Instant AOS-8.12.x.x: 8.12.0.2 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and older versions.
If your product is older, and isn’t among the ones listed here, then it’s likely reached its end-of-life status and as such will not be patched. In such cases, HPE advises users to replace the device with a newer model that is still supported.
Those who are still under HPE’s support should update their access points to these versions:
- AOS-10.7.x.x: Update to version 10.7.0.0 and later.
- AOS-10.4.x.x: Update to version 10.4.1.5 or later.
- Instant AOS-8.12.x.x: Update to version 8.12.0.3 or newer.
- Instant AOS-8.10.x.x: Update to version 8.10.0.14 or above.
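An added example, not from HPE or the original article: a Python triage of an access point inventory against the affected and fixed versions listed above. The AP names and firmware strings are constructed, and it assumes the firmware is reported as a four-part dotted version somewhere in the string.

```python
import re

# First fixed release per branch, taken from the version list above.
FIRST_FIXED = {
    (10, 7): (10, 7, 0, 0),
    (10, 4): (10, 4, 1, 5),
    (8, 12): (8, 12, 0, 3),
    (8, 10): (8, 10, 0, 14),
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first a.b.c.d version in text as a tuple of ints, or None."""
    m = _VERSION.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Classify a firmware string: 'fixed', 'affected', 'unlisted' or 'unparsed'."""
    version = parse_version(text)
    if version is None:
        return "unparsed"
    first_fixed = FIRST_FIXED.get(version[:2])
    if first_fixed is None:
        # Branch not named in the article: check the advisory, may be end of life.
        return "unlisted"
    # Tuple comparison is numeric per field, so 8.10.0.9 sorts below 8.10.0.14.
    return "fixed" if version >= first_fixed else "affected"


def triage(inventory):
    """Map each AP name to its status; inventory is {name: firmware string}."""
    return {name: classify(fw) for name, fw in inventory.items()}


# Constructed sample inventory (hypothetical AP names and version strings).
SAMPLE = {
    "ap-lobby": "8.10.0.13",
    "ap-floor2": "8.10.0.14",
    "ap-lab": "version 8.12.0.2 (build 1234)",
    "ap-hq": "10.4.1.5",
    "ap-old": "8.6.0.20",
    "ap-unknown": "n/a",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```

Devices reported as `unlisted` or `unparsed` need a manual check against the HPE advisory rather than being treated as safe.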
There are also workarounds for those who cannot install the patch immediately, which include blocking access to UDP port 8211 from all untrusted networks, restricting access to the CLI and web-based management interfaces, and controlling access with firewall policies at layer 3 and higher.
At press time, there was no evidence of in-the-wild abuse.
Via BleepingComputer