QID 44107

Aruba Networks provides data networking solutions for enterprises and businesses worldwide.

Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
Affected Versions:
HPE Aruba Networking
- 9200 Series Mobility Controllers and SD-WAN Gateways
- 9000 Series Mobility Controllers and SD-WAN Gateways
Affected Software Versions:
- ArubaOS 10.4.x.x: 10.4.0.1 and below
- ArubaOS 8.11.x.x: 8.11.1.0 and below
- ArubaOS 8.10.x.x: 8.10.0.6 and below
- ArubaOS 8.6.x.x: 8.6.0.21 and below
The following ArubaOS and SD-WAN software versions that are End of Support are affected by these vulnerabilities and are not patched by this advisory: - ArubaOS 10.3.x.x: all
- ArubaOS 8.9.x.x: all
- ArubaOS 8.8.x.x: all
- ArubaOS 8.7.x.x: all
- ArubaOS 6.5.4.x: all
- SD-WAN 8.7.0.0-2.3.0.x: all
- SD-WAN 8.6.0.4-2.2.x.x: all

QID Detection Logic (Unauthenticated):
This QID gets the vulnerable ArubaOS version via SNMP.
QID Detection Logic(Authenticated):
This will execute the command "show version" and then check the ArubaOS Version.

Successful exploitation of this vulnerability may allow an attacker to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise