Aruba Access Points Have Critical Remote Code Execution Vulnerabilities

CVECVE-2023-22786
CVSScvssV3_1: 9.8
SourceCVE-2023-22786

Aruba wireless access points were found to have serious vulnerabilities that could allow remote attackers to take complete control of devices.

The vulnerabilities are due to issues in underlying services that handle network management traffic. By sending specially crafted packets to port 8211, which is used for Aruba’s access point protocol (PAPI), an attacker could potentially execute arbitrary code with elevated privileges.

This would give a hacker full control over the access point’s operating system. They could then install programs, view, change or delete data, create new accounts with admin access and pivot to attack connected devices on the network.

Organizations using Aruba wireless access points should apply the latest software updates as soon as possible. Administrators are also advised to restrict access to port 8211 only to authorized management systems. Enabling WPA2 encryption can prevent attackers on the wireless network from exploiting these flaws.

It’s important that users stay vigilant and keep all equipment up-to-date, as unpatched vulnerabilities can have serious consequences if exploited. Applying the manufacturer’s security updates is a basic step to protect networks and devices.

References