HPE Aruba Networking AOS-8 Out-of-Bounds Read Vulnerability Leading to Process Crash
Vulnerability
A vulnerability allowing out-of-bounds read has been identified in HPE Aruba Networking AOS-8 operating system components for Mobility Conductors, Controllers, and Gateways. This vulnerability arises from inadequate validation of maximum buffer sizes, potentially allowing processes to read beyond intended memory limits. Under certain conditions, this can cause the affected process to crash, leading to a denial-of-service situation.
Impact
Exploitation of this vulnerability can cause a process crash, disrupting the normal operation of the affected component and potentially leading to a denial-of-service condition.
Remediation
Users can upgrade to AOS-8.13.x.x version 8.13.1.1 or above, or AOS-8.10.x.x version 8.10.0.21 or above. These versions include the necessary patches to address the vulnerability. For more information, visit the HPE Aruba Networking Support Portal.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.