HPE Aruba Networking AOS-10 and AOS-8 Web Management Interface Arbitrary File Write Vulnerability Allowing Code Execution

Vulnerability

An arbitrary file write vulnerability has been identified in the web-based management interface of the HPE Aruba Networking AOS-10 Gateway and AOS-8 Controller/Mobility Conductor operating systems. An authenticated attacker could exploit it to upload arbitrary files and execute commands on the underlying host operating system. The issue affects several versions of AOS-10 and AOS-8 prior to the patched releases mentioned in the advisory.

Impact

Exploitation of this vulnerability could lead to unauthorized uploading of files, potentially allowing for execution of arbitrary commands on the affected host system.

Remediation

Users can upgrade to AOS-10.7.1.1 and above, AOS-10.4.1.7 and above, AOS-8.12.0.4 and above, or AOS-8.10.0.16 and above. For AOS-10 Gateways, deny access to TCP port 4343 from any network to the Management IP address of the Gateway. For AOS-8 systems, no workaround is available.
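
A fleet triage check built from the fixed releases above, as an added example (not part of the advisory and not HPE tooling). It assumes four-part dotted version strings and compares each version only against the fixed release of its own major.minor branch; a branch the text does not list is flagged for manual review rather than guessed. The function name, hostnames and inventory are constructed for illustration.

```python
import re

# Fixed releases from the Remediation text, keyed by (major, minor) branch.
FIXED = {
    (10, 7): (10, 7, 1, 1),
    (10, 4): (10, 4, 1, 7),
    (8, 12): (8, 12, 0, 4),
    (8, 10): (8, 10, 0, 16),
}
# Assumption: versions are four dotted integers, optionally prefixed "AOS-".
VERSION_RE = re.compile(r"^(?:AOS-)?(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def triage(version):
    """Classify one version string against the advisory's fixed releases."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return {"version": version, "status": "unparsed", "workaround": None}
    v = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # Assumption: a branch the page does not list is not guessed at.
        status = "check-advisory"
    elif v >= fixed:  # numeric compare, so 8.10.0.9 sorts below 8.10.0.16
        status = "fixed"
    else:
        status = "vulnerable"
    workaround = None
    if status != "fixed":
        if v[0] == 10:
            workaround = "deny TCP 4343 to the Gateway management IP"
        elif v[0] == 8:
            workaround = "none available, upgrade"
    return {"version": version, "status": status, "workaround": workaround}


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are made up for the example.
    inventory = {
        "gw-branch-01": "10.4.1.6",
        "gw-hq-01": "AOS-10.7.1.1",
        "mc-dc-01": "8.10.0.9",
        "mc-dc-02": "8.12.0.4",
        "mc-lab-01": "8.11.2.0",
        "unknown-01": "n/a",
    }
    for host, ver in inventory.items():
        r = triage(ver)
        print(f"{host:14} {ver:14} {r['status']:15} {r['workaround'] or '-'}")
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 8.10.0.9 above 8.10.0.16 and report an unpatched controller as fixed.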

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 7.5
exploitability: 4.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.