A vulnerability allowing out-of-bounds read has been identified in HPE Aruba Networking AOS-8 and AOS-10. This issue affects Mobility Conductors, Controllers, and Gateways managed by HPE Aruba Networking Central. The vulnerability arises from inadequate validation of maximum buffer sizes, which can lead the process to read beyond its intended memory limits. This flaw may cause the affected process to crash, creating a potential denial-of-service condition.
Exploitation of this vulnerability can lead to a process crash, causing a denial-of-service condition on the affected system.
To address this vulnerability, upgrade to AOS-10.7.2.2 and above, AOS-10.4.1.10 and above, AOS-8.13.1.1 and above, or AOS-8.10.0.21 and above. For versions with available patches, download them from the HPE Networking Support Portal.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
