HPE Aruba Networking AOS-8 and AOS-10 Command Injection Vulnerability Allowing Arbitrary Code Execution

Vulnerability

An authenticated command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking AOS-8 and AOS-10 operating systems. It allows attackers to execute arbitrary commands as a privileged user on the underlying operating system. The issue affects HPE Aruba Networking Mobility Conductors, Controllers, and WLAN and SD-WAN Gateways managed by HPE Aruba Networking Central. Affected releases are AOS-10.4.x.x versions through 10.4.1.4, AOS-8.12.x.x versions through 8.12.0.2, and AOS-8.10.x.x versions through 8.10.0.14.

Impact

Successful exploitation allows authenticated users to execute arbitrary commands with elevated privileges on the underlying operating system.

Remediation

Users can upgrade to HPE Aruba Networking AOS-10.7.x.x versions 10.7.0.0 and above, AOS-10.4.x.x versions 10.4.1.5 and above, AOS-8.12.x.x versions 8.12.0.3 and above, or AOS-8.10.x.x versions 8.10.0.15 and above. These updates can be downloaded from the HPE Networking Support Portal.
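
An added example, not part of the original advisory or any HPE tooling: a version check for triaging a device inventory against the affected and fixed releases listed above. The hostnames and inventory are constructed sample values, and branches this page does not name are reported as not-listed rather than guessed.

```python
import re

# First fixed release per branch, from the Remediation paragraph above.
FIRST_FIXED = {
    (10, 7): (10, 7, 0, 0),
    (10, 4): (10, 4, 1, 5),
    (8, 12): (8, 12, 0, 3),
    (8, 10): (8, 10, 0, 15),
}

# Accepts "8.10.0.14" or "AOS-8.10.0.14"; anything else is left unparsed.
VERSION_RE = re.compile(r"^\s*(?:AOS-)?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparsed"
    # Compare as integer tuples: as strings, "9" sorts after "15".
    ver = tuple(int(part) for part in m.groups())
    floor = FIRST_FIXED.get(ver[:2])
    if floor is None:
        return "not-listed"  # branch not named in this advisory; do not guess
    return "fixed" if ver >= floor else "affected"


def triage(inventory):
    """Group hostnames by status so affected devices can be scheduled first."""
    groups = {"affected": [], "fixed": [], "not-listed": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        groups[classify(version)].append(host)
    return groups


# Constructed inventory (hostnames and versions are sample values).
SAMPLE_INVENTORY = {
    "mc-hq-01": "8.10.0.9",
    "mc-hq-02": "8.10.0.15",
    "gw-branch-07": "AOS-10.4.1.4",
    "gw-branch-08": "10.7.0.0",
    "ctl-lab-03": "8.11.2.1",
    "ctl-lab-04": "8.12.0",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:11} {', '.join(hosts) or '-'}")
```

Devices in the not-listed and unparsed groups need a manual check against the vendor's own advisory before they are treated as unaffected.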

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 10.0
exploitability: 4.4
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.