HPE Aruba Networking AOS-8 Instant AP and AOS-10 AP Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the web-based management interface of HPE Aruba Networking access points running AOS-8 Instant and AOS-10 AP. This vulnerability allows authenticated remote attackers to execute arbitrary commands on the underlying operating system of the affected access points.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the device's operating system, potentially allowing an attacker to gain control over the access point.

Remediation

Users are advised to upgrade to HPE Aruba Networking AOS-8 Instant APs and AOS-10 APs versions 10.7.2.0 and above, 10.4.1.8 and above, 8.13.1.0 and above, 8.12.0.6 and above, or 8.10.0.17 and above, depending on their current version. For assistance, contact HPE Services - Aruba Networking.