HPE Aruba Networking AOS-8 and AOS-10 Heap-Based Buffer Overflow Vulnerability in Network Management Service Allowing Unauthenticated Remote Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in a network management service of HPE Aruba Networking operating systems AOS-8 and AOS-10. This vulnerability could allow an unauthenticated remote attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Additionally, exploitation of this vulnerability may result in a denial-of-service condition affecting the impacted system process.

Impact

Successful exploitation of this vulnerability could lead to unauthorized arbitrary code execution as a privileged user on the affected system, potentially compromising the system. Exploitation may also cause a denial-of-service condition by terminating the affected system process unexpectedly, disrupting normal device operations.

Remediation

To address this vulnerability, HPE Aruba Networking has released patches for AOS-10 and AOS-8. Users can upgrade to AOS-10.8.x.x (10.8.0.1 and above), AOS-10.7.x.x (10.7.2.3 and above), AOS-10.4.x.x (10.4.1.11 and above), AOS-8.13.x.x (8.13.1.2 and above), AOS-8.12.x.x (8.12.0.7 and above) or AOS-8.10.x.x (8.10.0.22 and above). These versions can be downloaded from the HPE Networking Support Portal.
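The fixed-release list above can be turned into an inventory check. The following is an added example, not code from HPE Aruba Networking or from this page; it assumes version strings are four dot-separated integers (optionally prefixed with "AOS-", with any trailing build suffix ignored), and the hostnames and sample versions are constructed. Branches the advisory does not list are reported as "unlisted" rather than guessed.

```python
import re

# Minimum fixed release per branch, copied from the Remediation text above.
FIXED = {
    (10, 8): (10, 8, 0, 1),
    (10, 7): (10, 7, 2, 3),
    (10, 4): (10, 4, 1, 11),
    (8, 13): (8, 13, 1, 2),
    (8, 12): (8, 12, 0, 7),
    (8, 10): (8, 10, 0, 22),
}

# Assumption: a version is four dot-separated integers, optionally prefixed
# with "AOS-"; anything after the fourth field (build suffix) is ignored.
_VERSION = re.compile(r"^\s*(?:AOS-)?(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the version as a tuple of ints so fields compare numerically."""
    m = _VERSION.match(text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(field) for field in m.groups())

def classify(text):
    """Return 'patched', 'needs-upgrade', or 'unlisted' for one version."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The advisory names no fixed release for this branch; do not guess.
        return "unlisted"
    # Tuple comparison is numeric: 10.4.1.9 < 10.4.1.11 (a string compare
    # would get this wrong).
    return "patched" if version >= fixed else "needs-upgrade"

def triage(inventory):
    """Map each host to (status, minimum fixed version or None)."""
    report = {}
    for host, text in inventory.items():
        fixed = FIXED.get(parse_version(text)[:2])
        target = ".".join(map(str, fixed)) if fixed else None
        report[host] = (classify(text), target)
    return report

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative.
    sample = {"gw-01": "8.10.0.21", "gw-02": "10.4.1.9", "ap-ctl": "8.11.2.0"}
    for host, (status, target) in triage(sample).items():
        print(f"{host}: {status} (fixed in branch: {target})")
```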

Added: May 12, 2026, 9:05 PM
Updated: May 12, 2026, 9:05 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 6.4
remediation: 7.9
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.