Critical Remote Code Execution Vulnerabilities Patched in Aruba Access Points

CVECVE-2023-22749
CVSScvssV3_1: 9.8
SourceCVE-2023-22749

Aruba Networks wireless access points were found to have multiple vulnerabilities that could allow unauthenticated remote code execution. These vulnerabilities reside in the PAPI (Aruba Networks access point management protocol) that runs on UDP port 8211.

By sending specially crafted packets to this port, an attacker could exploit command injection flaws to execute arbitrary code with elevated privileges on the underlying operating system of the access point. This would give the attacker full control of the device.

As access points are used to manage wireless networks in many organizations, a compromise could potentially allow a bad actor to intercept network traffic, install malware, view/alter sensitive data and more.

Aruba has released updates to address these issues by patching the command injection flaws. It is recommended that all Aruba access points have the latest firmware updates installed as soon as possible. Network administrators should also consider disabling the PAPI port if not needed.

Staying up-to-date on product security updates is important for any networked device. Being vigilant about patching known vulnerabilities can help prevent the exploitation of critical remote code execution issues like those addressed here.

References