Published on 12 May 2023 | Updated on 12 May 2023
Critical Vulnerabilities in Aruba Access Points
Aruba has released security patches to address critical vulnerabilities (CVE-2023-22779, CVE-2023-22780, CVE-2023-22781, CVE-2023-22782, CVE-2023-22783, CVE-2023-22784, CVE-2023-22785 and CVE-2023-22786) in Aruba access points running InstantOS and ArubaOS 10.
Successful exploitation of the buffer overflow vulnerabilities in PAPI (Aruba Networks’ access point management protocol) could allow an unauthenticated remote attacker to execute arbitrary code as a privileged user on the underlying OS. An attacker does this by sending a specially crafted packet to PAPI over User Datagram Protocol (UDP) port 8211.
The vulnerabilities affect the following versions (including a few that have reached End of Life (EoL)):
Security patches addressing the critical vulnerabilities have been released in the following versions:
Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.
Users and administrators of vulnerable products that are not listed above or have reached EoL are advised to apply the following workaround:
More information is available here:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt