Multiple vulnerabilities in ArubaOS and SD-WAN allow remote attackers to cause denial of service, bypass security restrictions, disclose sensitive information, and perform spoofing attacks. Affected versions include AOS-8.10.x.x up to 8.10.0.21, AOS-8.12.x.x up to 8.12.0.6, AOS-8.13.x.x up to 8.13.1.1, AOS-10.4.x.x up to 10.4.1.10, AOS-10.7.x.x up to 10.7.2.2, and AOS-10.8.x.x up to 10.8.0.0, as well as all listed End of Maintenance (EoM) versions. Administrators must apply the fixes provided by HPE Aruba Networking, noting that EoM versions are not patched and require an upgrade to a supported release.
Multiple vulnerabilities were identified in Aruba Products. A remote attacker could exploit these vulnerabilities to trigger denial of service condition, security restriction bypass, sensitive information disclosure and spoofing on the targeted system. Impact Spoofing Information Disclosure Security Restriction Bypass Denial of Service System / Technologies affected AOS-8.10.x.x: 8.10.0.21 and below AOS-8.12.x.x: 8.12.0.6 and below AOS-8.13.x.x: 8.13.1.1 and below AOS-10.4.x.x: 10.4.1.10 and below AOS-10.7.x.x: 10.7.2.2 and below AOS-10.8.x.x: 10.8.0.0 and below HPE Aruba Networking End of Maintenance (EoM) Software Version(s): AOS-10.6.x.x: all AOS-10.5.x.x: all AOS-10.3.x.x: all AOS-8.12.x.x: all AOS-8.11.x.x: all AOS-8.9.x.x: all AOS-8.8.x.x: all AOS-8.7.x.x: all AOS-8.6.x.x: all AOS-6.5.4.x: all SD-WAN 8.7.0.0-2.3.0.x: all SD-WAN 8.6.0.4-2.2.x.x: all Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US Note: End of Maintenance (EoM) versions are not addressed by the provided solution.