HPE Aruba Networking AOS-10 and AOS-8 Web Management Interface Arbitrary File Download Vulnerability

Vulnerability

An arbitrary file download vulnerability has been identified in the web-based management interface of HPE Aruba Networking AOS-10 Gateways and AOS-8 Controller/Mobility Conductor. This vulnerability allows authenticated, remote attackers to download arbitrary files from the affected device's filesystem.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the affected device.

Remediation

Users can upgrade to AOS-10.7.1.1 and above, AOS-10.4.1.7 and above, AOS-8.12.0.4 and above, or AOS-8.10.0.16 and above. For AOS-10 Gateways, deny access to TCP port 4343 from any network to the Management IP address of the Gateway. For systems running AOS-8, there is no workaround.
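
The following is an added example, not part of the advisory or any vendor tooling: a small triage script that checks reported AOS versions against the fixed releases listed above and returns the matching action. It assumes a device is compared only against the fixed release of its own major.minor train, that version strings contain a four-part dotted version, and it uses a constructed inventory with made-up hostnames.

```python
import re

# Fixed releases as listed in the advisory, keyed by release train (major, minor).
# Assumption: a device is compared only against the fixed release of its own train.
FIXED = {
    (10, 7): (10, 7, 1, 1),
    (10, 4): (10, 4, 1, 7),
    (8, 12): (8, 12, 0, 4),
    (8, 10): (8, 10, 0, 16),
}

def parse_version(text):
    """Pull the first four-part dotted version out of a reported version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version_text):
    """Return (status, action) for one device's reported AOS version."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return ("unlisted-train", "train not named in the advisory; check vendor guidance")
    # Tuples compare numerically, so 8.10.0.9 sorts below 8.10.0.16.
    if version >= fixed:
        return ("fixed", "none")
    target = ".".join(str(part) for part in fixed)
    if version[0] == 10:
        return ("vulnerable", f"upgrade to {target} or above; until then deny TCP 4343 "
                              "to the Gateway management IP")
    return ("vulnerable", f"upgrade to {target} or above; no workaround for AOS-8")

# Constructed inventory: hostnames and versions are made up for the example.
INVENTORY = [
    ("gw-branch-01", "10.7.1.0"),
    ("gw-branch-02", "10.4.1.7"),
    ("mc-campus-01", "8.10.0.9"),
    ("mc-campus-02", "8.12.0.4_90000"),
    ("gw-lab-01", "10.5.0.0"),
]

def report(inventory):
    """Map each hostname to its (status, action) pair."""
    return {host: triage(version) for host, version in inventory}

if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host:14} {status:15} {action}")
```

Devices on a train the advisory does not name are reported as "unlisted-train" rather than guessed at.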

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 4.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.