HPE Aruba Networking AOS-10 and AOS-8 Web Management Interface Arbitrary File Write Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability allowing arbitrary file writes has been identified in the web-based management interface of HPE Aruba Networking AOS-10 Gateways and AOS-8 Controller/Mobility Conductor operating systems. This vulnerability could be exploited by an authenticated attacker to upload arbitrary files and execute commands on the underlying operating system.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, allowing for arbitrary file writes on the system. This could be used to execute malicious commands, potentially compromising the system's integrity and availability.

Remediation

Users are advised to upgrade to AOS-10.7.2.1 and above, AOS-10.4.1.9 and above, AOS-8.13.1.0 and above, AOS-8.12.0.6 and above, or AOS-8.10.0.19 and above. These versions include patches for the vulnerability. The updated software can be downloaded from the HPE Networking Support Portal.
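
To check an inventory of gateways and controllers against the fixed releases listed above, the following added example (not HPE code and not part of the original advisory) compares each reported version with the minimum for its branch. It assumes the first two version components identify the release branch and that devices report a four-part dotted version. The hostnames and running versions are constructed sample data.

```python
import re

# Minimum fixed release per branch, taken from the Remediation text above.
# Assumption: the first two version components identify the release branch.
FIXED = {
    (10, 7): (10, 7, 2, 1),
    (10, 4): (10, 4, 1, 9),
    (8, 13): (8, 13, 1, 0),
    (8, 12): (8, 12, 0, 6),
    (8, 10): (8, 10, 0, 19),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part dotted version in text as a tuple of ints."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(version_text):
    """Return 'patched', 'upgrade' or 'unlisted' for one reported version."""
    version = parse_version(version_text)
    minimum = FIXED.get(version[:2])
    if minimum is None:
        # Branch not named in the advisory: do not guess, flag for manual review.
        return "unlisted"
    # Tuple comparison is numeric, so 8.10.0.9 sorts below 8.10.0.19.
    return "patched" if version >= minimum else "upgrade"


def triage(inventory):
    """Map each host to (status, minimum fixed release or None)."""
    report = {}
    for host, version_text in inventory.items():
        minimum = FIXED.get(parse_version(version_text)[:2])
        target = ".".join(map(str, minimum)) if minimum else None
        report[host] = (classify(version_text), target)
    return report


if __name__ == "__main__":
    # Constructed inventory; hostnames and running versions are sample data.
    sample = {"gw-01": "10.4.1.4", "mc-01": "8.10.0.19",
              "ctl-02": "ArubaOS 8.12.0.2_00000", "gw-09": "10.6.0.3"}
    for host, (status, target) in triage(sample).items():
        print(f"{host}: {status}" + (f" (fixed in {target})" if target else ""))
```

Devices reported as "unlisted" run a branch the advisory does not name and need to be checked against the vendor's own guidance.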

Added: Oct 14, 2025, 5:46 PM
Updated: Oct 14, 2025, 10:39 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 10.0
exploitability: 4.9
remediation: 7.9
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.