Security updates: HPE Aruba Networking bridge and switch vulnerable
Vulnerabilities threaten 501 Wireless Client Bridge and Networking CX 10000 Switch Series from HPE Aruba. Exploit code is in circulation.
(Image: AFANASEV IVAN/Shutterstock.com)
Attackers can attack networks with HPE Aruba equipment. In the worst case, malicious code can get onto devices under certain conditions.
Multiple vulnerabilities
Specifically, it concerns 501 Wireless Client Bridge and Networking CX 10000 Switch Series. Even though attackers must have admin rights on a host system to successfully attack 501 Wireless Client Bridge, both vulnerabilities (CVE-2024-54006, CVE-2024-54007) are classified as “high” threat level. If this is the case, attackers can execute their code via the web interface.
Videos by heise
HPE Aruba warns that exploit code for this is already in circulation. It is not yet known whether there are already attacks. Admins should install the firmware V2.1.2.0-B0033, which is secured against the described attack.
Attackers can use the vulnerability (CVE-2024-54010 “low”) in the Networking CX 10000 Switch Series to access data that is actually sealed off. The issues 10.13.1070, 10.14.1030 and 10.15.1000 provide a remedy.
(des)
