HPE Aruba Networking AOS-8 Instant and AOS-10 AP Ethernet Frame Parsing Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in HPE Aruba Networking AOS-8 Instant and AOS-10 AP access points. The issue arises from the improper parsing of Ethernet frames, which could allow an unauthenticated remote attacker to disrupt network services. Successful exploitation of this vulnerability may require manual intervention to restore normal functionality.

Impact

Exploitation of this vulnerability can lead to a kernel panic, causing a denial-of-service condition that disrupts network services and requires manual intervention to restore functionality.

Remediation

Users are advised to upgrade to a fixed release in their branch. For AOS-10 AP: 10.7.2.0 and above in the 10.7.x.x branch, or 10.4.1.8 and above in the 10.4.x.x branch. For AOS-8 Instant: 8.13.1.0 and above in the 8.13.x.x branch, 8.12.0.6 and above in the 8.12.x.x branch, or 8.10.0.17 and above in the 8.10.x.x branch. Note that HPE Aruba Networking does not patch AOS-8 Instant or AOS-10 AP branches that have reached their End of Maintenance milestone.
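One way to triage an AP inventory against the fixed releases listed above, as an added example that is not part of the original advisory or HPE tooling. The AP names and versions in the sample are constructed, and the four-part dotted version format is an assumption taken from the version numbers on this page. Versions are compared as integer tuples, because a plain string comparison would rank 8.10.0.9 above 8.10.0.17.

```python
import re

# Minimum fixed release per branch, copied from the Remediation section.
FIXED = {
    (10, 7): (10, 7, 2, 0),
    (10, 4): (10, 4, 1, 8),
    (8, 13): (8, 13, 1, 0),
    (8, 12): (8, 12, 0, 6),
    (8, 10): (8, 10, 0, 17),
}

# Assumption: versions start with four dotted integers; any suffix is ignored.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Return 'fixed', 'needs-upgrade', 'unlisted-branch' or 'unparseable'."""
    match = VERSION_RE.match(version.strip())
    if not match:
        return "unparseable"
    parts = tuple(int(p) for p in match.groups())
    minimum = FIXED.get(parts[:2])
    if minimum is None:
        # The advisory names no fix for this branch (it may be past End of
        # Maintenance), so it needs manual review rather than a verdict.
        return "unlisted-branch"
    return "fixed" if parts >= minimum else "needs-upgrade"


def triage(inventory):
    """Group AP names by status for a list of (name, version) pairs."""
    report = {}
    for name, version in inventory:
        report.setdefault(classify(version), []).append(name)
    return report


# Constructed sample inventory (hypothetical AP names and versions).
SAMPLE = [
    ("ap-lobby", "8.10.0.9"),
    ("ap-floor2", "8.10.0.17"),
    ("ap-warehouse", "10.4.1.7"),
    ("ap-branch1", "10.7.2.0"),
    ("ap-lab", "8.11.2.2"),
    ("ap-legacy", "unknown"),
]

if __name__ == "__main__":
    for status, names in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(names)}")
```

APs reported as unlisted-branch should be checked against the vendor advisory before being treated as safe.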

Added: Oct 14, 2025, 5:29 PM
Updated: Oct 14, 2025, 10:11 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 5.0
exploitability: 4.9
remediation: 7.9
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.