HPE ArubaOS
cpe:2.3:o:hpe:arubaos:*:*:*:*:*:*:*
- <= 10.8.0.0
- <= 10.7.2.2
- <= 10.4.1.10
- <= 8.13.1.1
- <= 8.12.0.6
- <= 8.10.0.21
- ~10.6
- ~10.5
- ~10.3
- ~8.12
- ~8.11
- ~8.9
- ~8.8
- ~8.7
- ~8.6
- ~6.5.4
- ~8.7.0.0-2.3.0
- ~8.6.0.4-2.2
A stack-based buffer overflow vulnerability has been identified in multiple management service components of HPE Aruba Networking's AOS-8 and AOS-10 Operating Systems. This vulnerability is accessible through the command-line interface. An authenticated attacker with administrative privileges could exploit this issue by sending specially crafted requests to the affected services. Successful exploitation would allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.
Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code with elevated privileges on the affected system.
To address this vulnerability, HPE Aruba Networking has released patches for AOS-10 and AOS-8. Users can upgrade to AOS-10.8.x.x (10.8.0.1 and above), AOS-10.7.x.x (10.7.2.3 and above), AOS-10.4.x.x (10.4.1.11 and above), AOS-8.13.x.x (8.13.1.2 and above), AOS-8.12.x.x (8.12.0.7 and above) or AOS-8.10.x.x (8.10.0.22 and above). For AOS-10 Gateway and AOS-8 Controller/Mobility Conductor software branches that have reached their End of Maintenance, no patches are available.
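The fixed-release list above can be applied to a device inventory. The following Python is an added example, not code from HPE or from this page; the function names and sample inventory are constructed, and treating each "~" entry without a fixed release as a branch prefix with no patch is an assumption about the list's notation.

```python
import re

# Minimum fixed release per maintained branch, from the remediation text above.
FIXED = {
    (10, 8): (10, 8, 0, 1), (10, 7): (10, 7, 2, 3), (10, 4): (10, 4, 1, 11),
    (8, 13): (8, 13, 1, 2), (8, 12): (8, 12, 0, 7), (8, 10): (8, 10, 0, 22),
}
# Listed as affected with no fixed release named on the page.
# Assumption: a "~X.Y" entry covers every release starting with X.Y.
NO_PATCH = [(10, 6), (10, 5), (10, 3), (8, 11), (8, 9), (8, 8), (8, 7), (8, 6), (6, 5, 4)]


def parse(version):
    """Parse 'A.B.C.D', optionally prefixed 'AOS-' or suffixed '-x.y', into ints."""
    m = re.fullmatch(r"(?:AOS-)?(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[\w.]+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised ArubaOS version: {version!r}")
    return tuple(int(x) for x in m.groups())


def triage(version):
    """Classify one version string against the advisory's fixed releases."""
    v = parse(version)
    fixed = FIXED.get(v[:2])
    if fixed:
        # Integer tuples, so 10.4.1.9 sorts below 10.4.1.11 (string compare would not).
        if v >= fixed:
            return "patched"
        return "upgrade to " + ".".join(map(str, fixed)) + " or later"
    if any(v[:len(p)] == p for p in NO_PATCH):
        return "affected, no patch for this branch"
    return "not covered by this advisory text"


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {"gw-a": "10.4.1.9", "mc-b": "8.10.0.22", "ctl-c": "8.11.0.1", "gw-d": "AOS-10.7.2.2"}

if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE).items():
        print(f"{host}: {result}")
```

Hosts reported as "affected, no patch for this branch" need a migration to a maintained branch rather than an in-branch upgrade.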