HPE Aruba Networking AOS-8 and AOS-10 Unauthenticated Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the protocol-handling component of HPE Aruba Networking's AOS-8 and AOS-10 operating systems. An unauthenticated attacker can exploit it by sending specially crafted network messages to the affected service. Insufficient input validation allows these messages to terminate a critical system process, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability can terminate a critical system process, leading to a denial-of-service condition on the affected device.

Remediation

To address this vulnerability, HPE Aruba Networking has released patches for AOS-10 and AOS-8. Affected users should upgrade to AOS-10.8.0.1 and above, AOS-10.7.2.3 and above, AOS-10.4.1.11 and above, AOS-8.13.1.2 and above, AOS-8.12.0.7 and above, or AOS-8.10.0.22 and above, depending on their current version. These updates can be downloaded from the HPE Networking Support Portal.
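As an added example (not HPE tooling, and not part of the original advisory), the following script checks reported AOS versions against the fixed releases listed above. It assumes a fix applies within its own release branch (the first three version components) and that anything at or past the newest listed fix of a major line counts as "and above"; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed releases from the Remediation section: release branch -> first fixed patch level.
FIXED = {(10, 8, 0): 1, (10, 7, 2): 3, (10, 4, 1): 11,
         (8, 13, 1): 2, (8, 12, 0): 7, (8, 10, 0): 22}

def parse_version(text):
    """Extract the four-part version from strings such as 'AOS-10.7.2.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no four-part AOS version in {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(text):
    """Return 'fixed', 'upgrade' or 'unlisted' for one reported version."""
    version = parse_version(text)
    branch, patch = version[:3], version[3]
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "upgrade"
    # Assumption: anything at or past the newest listed fix of its major line
    # counts as "and above"; other branches are not covered by the page.
    newest = max((b + (p,) for b, p in FIXED.items() if b[0] == version[0]),
                 default=None)
    if newest is not None and version >= newest:
        return "fixed"
    return "unlisted"

def triage(inventory):
    """Group hostnames by classification; unparsable versions go to 'unknown'."""
    report = {"fixed": [], "upgrade": [], "unlisted": [], "unknown": []}
    for host, reported in inventory.items():
        try:
            report[classify(reported)].append(host)
        except ValueError:
            report["unknown"].append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"ctrl-hq-01": "8.10.0.21", "ctrl-hq-02": "AOS-8.12.0.7",
          "gw-branch-07": "10.7.2.3", "gw-branch-09": "10.5.0.2",
          "ap-lab-03": "n/a"}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Devices reported as "unlisted" run a branch the advisory text does not name, so their status has to be confirmed against the vendor's advisory rather than inferred.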

Added: May 12, 2026, 9:05 PM
Updated: May 12, 2026, 9:05 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 7.9
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.