HPE Aruba Networking AOS-10 and AOS-8 Boot Information Deletion Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability exists in the AOS firmware of HPE Aruba Networking products, specifically in AOS-10 GW and AOS-8 Controller/Mobility Conductor versions through their respective latest releases. This vulnerability allows an authenticated malicious actor to permanently delete critical boot information, potentially rendering the system unbootable. This issue causes a denial-of-service condition that can only be resolved by replacing the affected hardware.

Impact

Exploitation of this vulnerability leads to a permanent loss of boot information, causing the system to become unbootable. This denial-of-service condition can only be resolved by replacing the affected hardware.

Remediation

To address this vulnerability, upgrade to one of the following versions: AOS-10.7.x.x (10.7.2.1 and above), AOS-10.4.x.x (10.4.1.9 and above), AOS-8.13.x.x (8.13.1.0 and above), AOS-8.12.x.x (8.12.0.6 and above), or AOS-8.10.x.x (8.10.0.19 and above). These versions can be downloaded from the HPE Networking Support Portal.
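A fleet inventory can be checked against the fixed releases listed above. The following is an added example, not code from HPE or from this page: the hostnames, the inventory and the tolerated `_build` suffix are constructed assumptions, and a release train without a fixed version on this page is reported as such rather than guessed at.

```python
import re

# Minimum fixed release per release train, from the Remediation text above.
FIXED = {
    (10, 7): (10, 7, 2, 1),
    (10, 4): (10, 4, 1, 9),
    (8, 13): (8, 13, 1, 0),
    (8, 12): (8, 12, 0, 6),
    (8, 10): (8, 10, 0, 19),
}

VERSION_RE = re.compile(r"(?:AOS-)?(\d+)\.(\d+)\.(\d+)\.(\d+)(?:_\w+)?")


def parse_version(text):
    """Parse 'AOS-10.4.1.8' or '8.12.0.6_91234' into a 4-tuple of ints.

    The optional '_build' suffix is an assumption about how versions may
    appear in an inventory export; it is ignored for comparison.
    """
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised AOS version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version_text):
    """Return 'fixed', 'upgrade' or 'no-fix-listed' for one version string."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The page names no fixed release for this train.
        return "no-fix-listed"
    # Tuple comparison is numeric per field, so 8.10.0.9 sorts below 8.10.0.19
    # (a plain string comparison would get this wrong).
    return "fixed" if version >= fixed else "upgrade"


def triage(inventory):
    """Map each host to its status; inventory is {hostname: version string}."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = {"gw-branch-01": "AOS-10.4.1.8", "mc-core-01": "8.10.0.9",
          "ctrl-dc-02": "8.12.0.6_91234", "ctrl-lab-03": "8.11.2.0"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:14} {SAMPLE[host]:18} {status}")
```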

Added: Oct 14, 2025, 5:37 PM
Updated: Oct 15, 2025, 12:42 AM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 2.5
exploitability: 3.5
remediation: 7.9
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.