HPE Aruba Networking AOS-8 Command Injection Vulnerability in CLI Binary of Controllers and Mobility Conductor
Vulnerability
A command injection vulnerability has been identified in the CLI binary of HPE Aruba Networking AOS-8 Controllers and Mobility Conductors. This vulnerability allows authenticated malicious actors to execute arbitrary commands as privileged users on the underlying operating system. The issue arises within the web-based management interface, specifically through the Low-Level Interface Library, and can be exploited by users with physical access to the devices.
Impact
Successful exploitation of this vulnerability could lead to unauthorized execution of commands on the affected system, potentially allowing for further exploitation or manipulation of the device.
Remediation
To address this vulnerability, HPE Aruba Networking recommends upgrading to AOS-8.13.1.0 or above, AOS-8.12.0.6 or above, or AOS-8.10.0.19 or above. For AOS-10 users, the recommended versions are 10.7.2.1 and above or 10.4.1.9 and above. Instructions for downloading the updated software are available on the HPE Networking Support Portal.
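An inventory check against the fixed versions listed above, as an added example that is not part of the advisory or HPE's tooling. It assumes each minimum applies within its own release train (major.minor), that trains newer than the newest listed one count as "or above", and that trains the page does not name need a manual decision; the hostnames and running versions are constructed.

```python
import re

# Minimum fixed builds from the Remediation section, keyed by release train
# (major, minor). Grouping by train is an assumption of this example.
FIXED_BUILDS = {
    (8, 10): (8, 10, 0, 19), (8, 12): (8, 12, 0, 6), (8, 13): (8, 13, 1, 0),
    (10, 4): (10, 4, 1, 9), (10, 7): (10, 7, 2, 1),
}
VERSION_RE = re.compile(r"(?:AOS-)?(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Parse 'AOS-8.12.0.6' or '8.12.0.6' into a tuple of four ints."""
    match = VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(version_text):
    """Return 'fixed', 'upgrade' or 'review' for one running version."""
    version = parse_version(version_text)
    train = version[:2]
    if train in FIXED_BUILDS:
        return "fixed" if version >= FIXED_BUILDS[train] else "upgrade"
    # Train not named on the page: newer than every listed train of the same
    # major counts as "or above"; anything else needs a manual decision.
    listed = [t for t in FIXED_BUILDS if t[0] == version[0]]
    if listed and train > max(listed):
        return "fixed"
    return "review"

def audit(inventory):
    """Map each hostname to its status; unparseable versions become 'unparsed'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = classify(version_text)
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed inventory (hostnames and running versions are made up).
SAMPLE_INVENTORY = {
    "mc-01": "8.10.0.18", "mc-02": "AOS-8.12.0.6", "md-03": "8.11.2.0",
    "gw-04": "10.4.1.8", "gw-05": "10.7.2.1", "lab-06": "8.13.x",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {SAMPLE_INVENTORY[host]:14} {status}")
```

Devices reported as "review" or "unparsed" are the ones to check by hand against the vendor's support portal.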
