A denial-of-service vulnerability has been identified in the protocol-handling component of HPE Aruba Networking's AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit this vulnerability by sending specially crafted network messages to the affected service. The exploitation, due to insufficient input validation, may terminate a critical system process, leading to a denial-of-service condition.
Exploitation of this vulnerability can cause a critical system process to terminate unexpectedly, disrupting normal device operations and causing a denial-of-service condition.
To address this vulnerability, HPE Aruba Networking has released patches for AOS-10 and AOS-8. Users can upgrade to AOS-10.8.x.x (10.8.0.1 and above), AOS-10.7.x.x (10.7.2.3 and above), AOS-10.4.x.x (10.4.1.11 and above), AOS-8.13.x.x (8.13.1.2 and above), AOS-8.12.x.x (8.12.0.7 and above) or AOS-8.10.x.x (8.10.0.22 and above). For AOS-10 Gateways and AOS-8 Controllers/Mobility Conductors that have reached their End of Maintenance, no patch is available.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
