QID 43816
Date Published: 2021-06-07
QID 43816: HPE Aruba OS Multiple Security Vulnerabilities (ARUBA-PSA-2020-012)
Aruba Networks provides data networking solutions for enterprises and businesses worldwide.
A remote code execution vulnerability is present in network-listening components in some versions of Aruba OS.
For CVE-2020-10713, CVE-2020-24637
Affected Versions:
ArubaOS 8.5.0.10, 8.6.0.5, 8.7.0.0 and below
Resolution:
ArubaOS 8.5.0.11, 8.6.0.6, 8.7.1.0 and above
For CVE-2020-24634
Affected Versions:
ArubaOS 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below
Resolution:
ArubaOS 8.2.2.10, 8.3.0.14, 8.5.0.11, 8.6.0.6, 8.7.1.0 and above
SD-WAN 2.1.0.2, 2.2.0.1 and above
For CVE-2020-24633
Affected Versions:
ArubaOS 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below
Resolution:
ArubaOS 6.4.4.24, 6.5.4.18, 8.2.2.10, 8.3.0.14, 8.5.0.11, 8.6.0.6, 8.7.1.0 and above
NOTE:
6.4.x.x and 6.5.x.x branches are not affected by CVE-2020-24634.
QID Detection Logic (Unauthenticated):
This QID gets the vulnerable Aruba OS version via SNMP.
Successful exploitation of the vulnerability will allow attackers to install new potentially malicious firmware on Aruba Access Points.
Please refer to ARUBA-PSA-2020-012 for more information about patching the vulnerability.
Note: Not all vulnerabilities in this advisory affect all ArubaOS branches. If an ArubaOS branch is not listed as affected, it means that any ArubaOS version in that given branch is not affected.
For example, the 6.4.x.x and 6.5.x.x branches are not affected by CVE-2020-24634.
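A branch-aware check of the version matrix above, as an added example (not Qualys's detection logic or Aruba's code). The `sysDescr` sample string is constructed and its format is an assumption; SD-WAN releases are not covered.

```python
import re

# Fixed releases per ArubaOS branch, transcribed from the advisory text above.
# A branch absent from a CVE's table is not affected by that CVE.
_COMMON = {"8.5": "8.5.0.11", "8.6": "8.6.0.6", "8.7": "8.7.1.0"}
_WITH_82_83 = {**_COMMON, "8.2": "8.2.2.10", "8.3": "8.3.0.14"}
FIXED = {
    "CVE-2020-10713": _COMMON,
    "CVE-2020-24637": _COMMON,
    "CVE-2020-24634": _WITH_82_83,
    "CVE-2020-24633": {**_WITH_82_83, "6.4": "6.4.4.24", "6.5": "6.5.4.18"},
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def affected_cves(text):
    """List the advisory's CVEs that apply to the ArubaOS version found in text."""
    version = parse_version(text)
    if version is None:
        raise ValueError("no four-part ArubaOS version found")
    branch = "%d.%d" % version[:2]
    hits = []
    for cve, fixed_by_branch in FIXED.items():
        fixed = fixed_by_branch.get(branch)
        # Compare numerically: as strings, "8.5.0.9" would sort above "8.5.0.11".
        # Anything below the fixed release is treated as affected, which is the
        # conservative reading for builds that fall between the two lists.
        if fixed is not None and version < parse_version(fixed):
            hits.append(cve)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample of an SNMP sysDescr value; the exact format is an assumption.
    sample = "ArubaOS (MODEL: Aruba7210), Version 8.6.0.5 (00000)"
    print(affected_cves(sample))
```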
- ARUBA-PSA-2020-012: www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-012.txt
CVEs related to QID 43816
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ARUBA-PSA-2020-012 | | | |