A vulnerability allowing authenticated parameter injection has been identified in the web-based management interface of HPE Aruba Networking AOS-8 and AOS-10 operating systems. This vulnerability could be exploited by an authenticated user to overwrite arbitrary system files.
Exploitation of this vulnerability could lead to authenticated arbitrary file modification, with potential for unauthorized code execution, according to HPE.
Users can upgrade to AOS-10.7.x.x (10.7.0.0 and above), AOS-10.4.x.x (10.4.1.5 and above), AOS-8.12.x.x (8.12.0.3 and above) or AOS-8.10.x.x (8.10.0.15 and above). These versions include the necessary patches. For assistance, contact HPE Services - Aruba Networking.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
