An arbitrary file download vulnerability has been identified in a low-level interface library used by HPE Aruba Networking AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. This vulnerability allows authenticated malicious actors to download arbitrary files by exploiting the issue with carefully crafted exploits.
Successful exploitation of this vulnerability could lead to unauthorized access to files on the affected system, allowing for the download of sensitive or critical information.
To address this vulnerability, users should upgrade to AOS-10.7.2.1 and above, AOS-10.4.1.9 and above, AOS-8.13.1.0 and above, AOS-8.12.0.6 and above, or AOS-8.10.0.19 and above. Instructions for downloading the updated software are available on the HPE Networking Support Portal.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
