HPE Aruba patches critical security flaws across access points

[ad_1]

HPE has revealed Aruba Access Points (APs), the company’s high-performance Wi-Fi devices, could have been vulnerable to a threat granting threat actors the ability to execute malicious code remotely.

The company confirmed the news in a security advisory, noting APs carried three critical vulnerabilities in the Command Line Interface (CLI) service: CVE:2024-42505, CVE-2024-42506, and CVE-2024-42507. By sending specially crafted packets to UDP port 8211 of the AP management protocol, PAPI, the crooks could elevate their privileges and thus gain the ability to execute arbitrary code.

APs running Instant AOS-8 and AOS-10 are all affected by these flaws, which includes AOS-10.6.x.x: 10.6.0.2 and below, AOS-10.4.x.x: 10.4.1.3 and below, Instant AOS-8.12.x.x: 8.12.0.1 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below.

Patches and workarounds A patch is already available for download, and given the severity of the flaws in question, HPE (Aruba’s parent company) urges users to apply it without hesitation. Those unable to install the patch on Instant AOS-8.x should enable “cluster-security”, while those with AOS-10 endpoints should block access to port UDP/8211 from all untrusted networks.

Other Aruba products, such as Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways, were confirmed safe. The good news is that there is no evidence of in-the-wild exploits, and no one has yet shared a Proof-of-Concept (PoC).

Aruba Access Points are wireless networking devices designed to provide high-performance, secure, and reliable Wi-Fi coverage in various environments, such as offices, campuses, and public spaces. They are part of Aruba's broader networking solutions, which focus on simplifying network management while ensuring strong connectivity for users and IoT devices.

Via BleepingComputer

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

December 2025
M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

HPE Aruba patches critical security flaws across access points

Caribbean Fintech Revolution Gains Momentum As Start-ups And Partnerships Drive Industry Growth | RJR News

Tracking the Tropics: Hurricane Oscar misses Florida in active October

Tracking the Tropics: Hurricane Oscar misses Florida in active October

Brown and Costa Blast Trump’s Argentina Beef Bailout: A Major Blow to US Ranchers!

From a Brief Visit to Forever: My 7-Year Love Story in Ecuador

El Salvador Calls Out US for Migrant Crisis in Powerful UN Address

Renewable Energy Revolution in French Guiana: A Bold Step Forward or a Missed Opportunity?

US Boosts Diplomatic Push in Grenada and Antigua to Combat Narco-Terrorism

Discover the Enigmatic Hot Blob Beneath Appalachians: A Geological Wonder Heading to New York!

Unrest in Guadeloupe: Anti-Vaccine Protesters Face Off Against Hospital Staff

IRC Rises to the Challenge: Delivering Vital Protection Services in Guatemala Amid U.S. Aid Cuts

Billionaire Politician’s Corruption Charges: Will They Impact His Influence in Guyana’s Parliament?

Confronting Haiti’s Crisis: Key Questions for America’s Future

Categories

Archives