HPE Aruba Networking Wireless Operating Systems Client Isolation Bypass Vulnerability Allowing Traffic Redirection

Vulnerability

A vulnerability exists in the client isolation mechanism of HPE Aruba Networking Wireless Operating Systems AOS-8 and AOS-10. This vulnerability may allow an attacker to bypass Layer 2 communication restrictions between clients, redirecting Layer 3 traffic. Successful exploitation can interfere with policy enforcement and, when combined with a port-stealing attack, may facilitate a bi-directional Machine-in-the-Middle (MitM) attack.

Impact

Exploitation of this vulnerability can lead to unauthorized interception and modification of network traffic, allowing for eavesdropping, session hijacking, or denial-of-service conditions.

Remediation

Users are advised to upgrade to AOS-10.8.x.x (10.8.0.1 and above), AOS-10.7.x.x (10.7.2.3 and above), AOS-10.4.x.x (10.4.1.11 and above), AOS-8.13.x.x (8.13.1.2 and above), AOS-8.12.x.x (8.12.0.7 and above), or AOS-8.10.x.x (8.10.0.22 and above). These versions can be downloaded from the HPE Networking Support Portal.
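The fixed-version floors above can be checked against a device inventory. The following is an added example, not code from HPE or from this page; the version-string format (four dotted integers with an optional "AOS-" prefix and build suffix) and the sample hostnames are assumptions. Trains the advisory does not name are reported as such, not guessed.

```python
import re

# Minimum fixed release per train, copied from the Remediation paragraph.
FIXED_FLOOR = {
    (10, 8): (10, 8, 0, 1),
    (10, 7): (10, 7, 2, 3),
    (10, 4): (10, 4, 1, 11),
    (8, 13): (8, 13, 1, 2),
    (8, 12): (8, 12, 0, 7),
    (8, 10): (8, 10, 0, 22),
}

# Assumption: versions are four dotted integers, optionally prefixed "AOS-"
# and optionally followed by a "_build" or "-build" suffix.
VERSION_RE = re.compile(r"^(?:AOS-)?(\d+)\.(\d+)\.(\d+)\.(\d+)(?:[_-]\S*)?$")


def classify(version_text):
    """Return 'fixed', 'below-fixed', 'train-not-listed' or 'unparseable'."""
    match = VERSION_RE.match(version_text.strip())
    if not match:
        return "unparseable"
    version = tuple(int(part) for part in match.groups())
    floor = FIXED_FLOOR.get(version[:2])
    if floor is None:
        # The advisory names no fixed release for this train; do not guess.
        return "train-not-listed"
    # Tuple comparison is numeric per field, so 10.4.1.9 < 10.4.1.11.
    return "fixed" if version >= floor else "below-fixed"


def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "mc-hq-01": "8.10.0.21",
    "mc-hq-02": "8.12.0.7",
    "gw-branch-07": "10.4.1.9",
    "gw-branch-08": "AOS-10.7.2.3_93286",
    "mc-lab-01": "8.11.2.2",
    "ap-unknown": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {SAMPLE_INVENTORY[host]:22} {status}")
```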

Added: Mar 4, 2026, 5:25 PM
Updated: Mar 4, 2026, 6:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.9
exploitability: 2.9
remediation: 0.0
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.