Aruba says it has patched a number of critical security flaws, so update now

There’s a workaround, but it’s only partially effective, Aruba warns


Aruba Networks has released a fix for six critical vulnerabilities found in a number of its products, and is now urging users to apply the patch immediately and avoid being targeted by cybercriminals.

The vulnerabilities all have a severity score of 9.8, giving them the “critical” rating.

According to the company, these vulnerabilities can be abused to grant malicious third parties elevated privileges and the ability to run arbitrary code remotely.

Patches and versions


The vulnerabilities that were patched are: CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, CVE-2023-22750, CVE-2023-22751 and CVE-2023-22752. They were discovered by cybersecurity researcher Erik de Jong in these Aruba products: ArubaOS 8.6.0.19 and below, ArubaOS 8.10.0.4 and below, ArubaOS 10.3.1.0 and below, and SD-WAN 8.7.0.0-2.3.0.8 and below.

To make sure they keep their endpoints patched and secured, users should update the products to these versions: ArubaOS 8.10.0.5 and above, ArubaOS 8.11.0.0 and above, ArubaOS 10.3.1.1 and above, and SD-WAN 8.7.0.0-2.3.0.9 and above.

Users should also keep in mind that some of the products have reached end-of-life status and as such will not be getting the updates: ArubaOS 6.5.4.x, ArubaOS 8.7.x.x, ArubaOS 8.8.x.x, ArubaOS 8.9.x.x, and SD-WAN 8.6.0.4-2.2.x.x.


Users are advised to use software that hasn’t yet reached end-of-life and still receives updates.


Those who can’t apply the patch for whatever reason can enable “Enhanced PAPI Security” mode using a non-default key, which was said to be a valid workaround, BleepingComputer reported. However, Aruba’s latest fix addresses another 15 high-severity and eight medium-severity flaws, so applying the fix is still highly recommended.

Aruba said there’s no evidence of these flaws being abused in the wild at the moment, but users should be on their guard.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
