HPE Aruba Wireless Operating Systems Frame Injection Vulnerability Allows Traffic Spoofing
Vulnerability
A vulnerability exists in the wireless encryption management of Wi-Fi transmissions on HPE Aruba Networking Wireless Operating Systems AOS-8 and AOS-10. This vulnerability allows a malicious actor to create shared-key authenticated transmissions with targeted payloads, impersonating the identity of a primary BSSID. Exploitation of this vulnerability enables the delivery of altered data to specific endpoints, circumventing standard cryptographic protections.
Impact
Exploitation of this vulnerability could lead to unauthorized data injection, allowing tampered data to be delivered to targeted endpoints.
Remediation
To address this vulnerability, HPE Aruba Networking advises upgrading to AOS-10.8.x.x versions 10.8.0.1 and above, AOS-10.7.x.x versions 10.7.2.3 and above, AOS-10.4.x.x versions 10.4.1.11 and above, AOS-8.13.x.x versions 8.13.1.2 and above, AOS-8.12.x.x versions 8.12.0.7 and above, and AOS-8.10.x.x versions 8.10.0.22 and above. These updates are available through the HPE Networking Support Portal.
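One way to check an inventory against the fixed releases listed above, as an added example that is not part of the original advisory or of HPE's tooling; the device names, sample versions and build-suffix handling are assumptions. Versions are compared as integer tuples because plain string comparison would rank 10.4.1.9 above 10.4.1.11.

```python
import re

# Minimum fixed release per branch, copied from the Remediation text.
FIXED = {
    (10, 8): (10, 8, 0, 1),
    (10, 7): (10, 7, 2, 3),
    (10, 4): (10, 4, 1, 11),
    (8, 13): (8, 13, 1, 2),
    (8, 12): (8, 12, 0, 7),
    (8, 10): (8, 10, 0, 22),
}

# Four dotted integers; the optional "_build" / "-build" suffix is an assumption.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:[_-].*)?$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    m = _VERSION.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'fixed', 'upgrade', 'unlisted' or 'invalid' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "invalid"
    minimum = FIXED.get(v[:2])
    if minimum is None:
        # Branch is not named in the advisory text: flag for manual review
        # instead of guessing whether it is affected.
        return "unlisted"
    return "fixed" if v >= minimum else "upgrade"


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE = {
    "ap-lobby": "10.4.1.9",
    "ap-lab": "10.4.1.11",
    "ctrl-hq": "8.10.0.22_90001",
    "ctrl-branch": "8.11.2.1",
    "ap-unknown": "n/a",
}

if __name__ == "__main__":
    for name, version in SAMPLE.items():
        print(f"{name:12} {version:18} {classify(version)}")
```

Devices reported as `unlisted` or `invalid` need a manual check against the vendor's advisory, since the text above names only six branches.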
