Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points - #CVE-2024-42505
Hewlett Packard Enterprise (HPE) has issued emergency patches to address three critical vulnerabilities identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, which are found in Aruba access points running AOS-8 and AOS-10. These vulnerabilities, which could enable remote code execution via the PAPI UDP port (8211), affect a variety of software versions including end-of-life versions. HPE strongly advises administrators to apply the latest patches immediately, particularly in sensitive environments like those of the US military. As interim measures, enabling cluster-security for Instant AOS-8 devices and blocking the PAPI port for AOS-10 devices are recommended. Although no active exploitations have been reported, the potential impact necessitates prompt action to secure affected systems.