www.itnews.com.au
203.176.102.69
Public Scan
URL:
https://www.itnews.com.au/news/protocol-bug-leaves-aruba-access-points-exposed-594240
Submission: On May 11 via api from TR — Scanned from AU
Form analysis
1 forms found in the DOM
POST /news/protocol-bug-leaves-aruba-access-points-exposed-594240
<form id="frm-login" action="/news/protocol-bug-leaves-aruba-access-points-exposed-594240" method="post">
<h3 class="section-header"><span>Log In</span></h3>
<div id="login-form-register"><a href="/register">Don't have an account? Register now!</a></div>
<div id="login-validation"></div>
<div id="login-response"></div>
<div class="form-label email-login">Email:</div>
<div class="form-input"><input id="username" name="username" type="text" required=""></div>
<div class="form-label password-login">Password:</div>
<div class="form-input"><input id="password" name="password" type="password" required=""></div>
<div class="row form-checkbox">
<input id="rememberMe" name="rememberMe" type="checkbox"><label for="rememberMe">Remember me</label><span> | <a href="/forgot" title="Forgot your password?">Forgot your password?</a></span>
</div>
</form>
Text Content
PROTOCOL BUG LEAVES ARUBA ACCESS POINTS EXPOSED

By Richard Chirgwin on May 11, 2023 10:18AM

NOT ALL PRODUCTS CAN BE PATCHED.

HPE enterprise wi-fi business unit Aruba Networks has disclosed the latest round of security patches for its access points.

Eight buffer overflow vulnerabilities were found in “multiple underlying services” accessible via Aruba’s access point management protocol, PAPI, accessed through UDP port 8211. Crafted packets sent to port 8211 could trigger the vulnerabilities, giving a remote attacker arbitrary code execution on the products’ operating system, as a privileged user.

The bugs are present in ArubaOS and InstantOS, and the company warned that not all branches of these operating systems can be patched.
“Due to the structure of these specific vulnerabilities, the only branches to receive a patch were ArubaOS 10.4.0.0 and above; InstantOS 8.11.x: 8.11.0.0 and above; and Aruba InstantOS 8.10.0.3 and above,” the company wrote.

For customers unable to upgrade to fixed branches, there are some workarounds. In devices running InstantOS 8.x or 6.x code, admins can enable cluster security to block the exploit. However, this is not an option for ArubaOS 10 devices; instead, UDP port 8211 must be blocked from all untrusted networks, the company said.

There’s also a high severity denial-of-service in PAPI, CVE-2023-22787, again in a service accessed using PAPI. Aruba doesn’t yet have a patch, but blocking UDP port 8211 again provides mitigation.

There are also three high-severity command injection bugs (CVE-2023-22788, CVE-2023-22789, CVE-2023-22790) in the Aruba InstantOS and ArubaOS 10 command line interface which, if exploited, provide remote code execution as a privileged user of the operating system.

The bugs were reported to Aruba by Erik de Jong and Daniel Jensen via its bug bounty program, and by Zack Colgan of ClearBearing.

Copyright © iTnews.com.au. All rights reserved.
Tags: aruba networks, hpe, networking, security