1. Forum
  2. tqw
  3. TQW GENTECH

  • HPE reveals critical security bug affecting networking access poi

    From TechnologyDaily@1337:1/100 to All on Friday, November 08, 2024 15:45:05
    HPE reveals critical security bug affecting networking access points

    Date:
    Fri, 08 Nov 2024 15:34:00 +0000

    Description:
    Half a dozen HPE vulnerabilities were found and patched recently, including two critical ones.

    FULL STORY ======================================================================HPE releases patch for six serious security vulnerabilities The bugs affected multiple products, and could be used in destructive cyberattacks Patching is advised, but workarounds are available

    Two critical security bugs were found plaguing Hewlett Packard Enterprise (HPE) endpoints, the company has confirmed, as it released a patch and follow-up security advisory.

    As per the bulletin, multiple Aruba Networking Access Points (AP), powered by thee Instant AOS-8 and AOS-10 operating systems, were vulnerable to a total
    of six flaws, which allowed crooks to mount authenticated remote command execution attacks, create arbitrary files, perform unauthenticated command injection, and more.

    Of the six, two were particularly dangerous: CVE-2024-42509, and CVE-2024-47460. These were assigned severity scores 9.8 and 9.0, and could have been abused by sending specially crafted packets to Arubas Access Point management protocol (PAPI). End of life

    The remaining four vulnerabilities are tracked as CVE-2024-47461, CVE-2024-47462, CVE-2024-47463, and CVE-2024-47464.

    All of them plague AOS-10.4.x.x: 10.4.1.4 and older releases, Instant AOS-8.12.x.x: 8.12.0.2 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and older versions.

    If your product is older, and isnt among the ones listed here, then its
    likely reached its end-of-life status and as such will not be patched. In
    such cases, HPE advises users to replace the instance with a newer model that is still supported.

    Those who are still under HPEs support should update their access points to these versions:

    AOS-10.7.x.x: Update to version 10.7.0.0 and later.
    AOS-10.4.x.x: Update to version 10.4.1.5 or later.
    Instant AOS-8.12.x.x: Update to version 8.12.0.3 or newer.
    Instant AOS-8.10.x.x: Update to version 8.10.0.14 or above

    There are also workarounds for those who cannot install the patch
    immediately, which include blocking access to UDP port 8211 from all
    untrusted networks, restricting access to the CLI and web-based management interfaces, and controlling access with firewall policies at layer 3 and higher.

    At press time, there was no evidence of in-the-wild abuse.

    Via BleepingComputer You might also like Major Palo Alto security flaw is being exploited via Python zero-day backdoor Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hpe-reveals-critical-security-bug-affec ting-networking-access-points


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)