banner1
Logo Blinking Image
banner2

HOME
Breaking News

HPE Issues Critical Security Patches

by VARINDIA 2024-11-12
HPE Issues Critical Security Patches
Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. These security flaws, if left unpatched, could be exploited by attackers to gain unauthorized access to networks, potentially leading to data breaches or disruptions. 
 
The vulnerabilities, affecting Aruba’s WLAN and Wi-Fi infrastructure, have raised concerns across enterprises and institutions relying on these access points for secure wireless connectivity. The most severe among the six newly patched vulnerabilities are CVE-2024-42509 (CVSS score: 9.8) and CVE-2024-47460 (CVSS score: 9.0), two critical unauthenticated command injection flaws in the CLI Service that could result in the execution of arbitrary code.

Issuing an advisory, HPE said, "Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211)."
 
The patches are part of HPE’s ongoing efforts to ensure robust security for its networking solutions. Organizations using Aruba products are advised to implement these patches promptly to mitigate potential risks. The vulnerabilities underscore the importance of keeping network hardware and software up to date, particularly as attackers increasingly target infrastructure within corporate and public networks.

Although Aruba Network access points have not previously been reported as exploited in the wild, they are an attractive target for threat actors due to the potential access these vulnerabilities could provide through privileged user RCE. It's advised to enable cluster security via the cluster-security command to mitigate CVE-2024-42509 and CVE-2024-47460 on devices running Instant AOS-8 code. However, for AOS-10 devices, the company recommends blocking access to UDP port 8211 from all untrusted networks.
er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Veeam to acquire Securiti AI for $1.73 billion

Veeam to acquire Securiti AI for $1.73 billion

HCLTech and Zscaler partner for AI-powered security and network transformation

HCLTech and Zscaler partner for AI-powered security and network transformation

Critical Flaws in Microsoft Defender for Endpoint Threaten Incident Response

Critical Flaws in Microsoft Defender for Endpoint Threaten Incident Response

SOFTWARE
View All
Tata Technologies to accelerate Software‑Defined Vehicle innovation with Synopsys

Tata Technologies to accelerate Software‑Defined Vehicle innovation with Synopsys

Zoho announces free agentic tools to help businesses overcome AI adoption challenges

Zoho announces free agentic tools to help businesses overcome AI adoption challenges

Indian developers save 10 hours weekly with AI tools, outpacing global average by nearly 3 hours: BairesDev report

Indian developers save 10 hours weekly with AI tools, outpacing global average by nearly 3 hours: BairesDev report

START - UP
View All
AI startup FireAI raises ₹4 crore seed funding from Inflection Point Ventures

AI startup FireAI raises ₹4 crore seed funding from Inflection Point Ventures

Climate-tech innovator Newtral raises $600K to scale AI-powered sustainability platform globally

Climate-tech innovator Newtral raises $600K to scale AI-powered sustainability platform globally

Tally Solutions with Rukam Capital to empower Indian startup ecosystem

Tally Solutions with Rukam Capital to empower Indian startup ecosystem

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
VPNs Lose Relevance in Cloud-First Security Era

VPNs Lose Relevance in Cloud-First Security Era

Emerging Markets Boost Used Phone Sales

Emerging Markets Boost Used Phone Sales

Hackers Can Turn Your Computer Mouse Into a Spy Mic

Hackers Can Turn Your Computer Mouse Into a Spy Mic

Hackers Exploit Blockchain to Conceal Malware?

Hackers Exploit Blockchain to Conceal Malware?

“Pixnapping” — The New Android Hack Stealing Your Screen Secrets

“Pixnapping” — The New Android Hack Stealing Your Screen Secrets

Hackers Exploit Blockchain to Conceal Malware”

Hackers Exploit Blockchain to Conceal Malware”

China Weaponizes Rare Earths in Global Tech Power Play

China Weaponizes Rare Earths in Global Tech Power Play

AI Infrastructure to Hit $4 Trillion by 2030: Nvidia CEO

AI Infrastructure to Hit $4 Trillion by 2030: Nvidia CEO

AI-Driven Threats Are Redefining the Future of Workspace Security

AI-Driven Threats Are Redefining the Future of Workspace Security

US Tech Giants Pause India Data Centre Deals Amid Policy Uncertainty

US Tech Giants Pause India Data Centre Deals Amid Policy Uncertainty

dsf