HPE Aruba Networking AOS-8 and AOS-10 Mobility Conductors Web Interface Arbitrary File Upload Vulnerability
Vulnerability
An arbitrary file upload vulnerability has been identified in the web-based management interface of HPE Aruba Networking Mobility Conductors running AOS-10 or AOS-8 operating systems. This vulnerability allows authenticated users to upload arbitrary files with privileged access, potentially leading to the execution of arbitrary commands on the underlying operating system.
Impact
Exploitation of this vulnerability could result in unauthorized file uploads, allowing for the execution of arbitrary commands on the affected system's operating system with elevated privileges.
Remediation
Users can upgrade to AOS-10.7.2.2 and above, AOS-10.4.1.10 and above, AOS-8.13.1.1 and above, or AOS-8.10.0.21 and above. These versions include patches for the vulnerability. The updated software can be downloaded from the HPE Networking Support Portal.
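The fixed releases listed above can be checked against a controller inventory. The following is an added example, not code from HPE or from this page; it assumes each fixed release applies to the release train sharing its first two version components, and the hostnames and inventory versions are constructed.

```python
# Added example: fixed releases are taken from the remediation text above.
# Assumption: each fixed release covers the train with the same major.minor.
FIXED = {
    (10, 7): (10, 7, 2, 2),
    (10, 4): (10, 4, 1, 10),
    (8, 13): (8, 13, 1, 1),
    (8, 10): (8, 10, 0, 21),
}

def parse_version(text):
    """Parse 'AOS-8.10.0.21' or '8.10.0.21' into a tuple of four ints."""
    raw = text.strip()
    if raw.upper().startswith("AOS-"):
        raw = raw[4:]
    parts = raw.split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(p) for p in parts)

def triage(text):
    """Return 'patched', 'needs-upgrade', or 'unlisted-train'."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The advisory names no fixed release for this train; check manually.
        return "unlisted-train"
    # Tuple comparison is numeric per component, so 10.4.1.10 > 10.4.1.9,
    # which a plain string comparison would get wrong.
    return "patched" if version >= fixed else "needs-upgrade"

# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = {
    "mc-lab-01": "8.10.0.21",
    "mc-lab-02": "AOS-8.10.0.9",
    "mc-lab-03": "10.4.1.9",
    "mc-lab-04": "10.7.2.3",
    "mc-lab-05": "8.12.0.4",
}

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Controllers reported as unlisted-train run a release line for which the text above names no fixed version, so they need a manual check against the vendor's advisory.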
