A vulnerability allowing authenticated users to download arbitrary files has been identified in the web-based management interface of HPE Aruba Networking AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. This vulnerability could be exploited through carefully crafted exploits.
Exploitation of this vulnerability could lead to unauthorized access to files on the affected system.
To address this vulnerability, users should upgrade to AOS-10.7.2.1 and above, AOS-10.4.1.9 and above, AOS-8.13.1.0 and above, AOS-8.12.0.6 and above, or AOS-8.10.0.19 and above. Instructions for downloading the updated software are available on the HPE Networking Support Portal.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
