Aruba Various Products Remote Code Execution Vulnerabilities

Aruba Various Products Remote Code Execution Vulnerabilities

Aruba has published 2 new Remote Code Execution vulnerabilities that affect several switch products.

An attacker who successfully exploits these vulnerabilities can run arbitrary code.

Affected Systems

• CX 6200F Switch,
• 6300 Switch,
• 6400 Switch,
• 8320 Switch,
• 8325 Switch,
• 8400 Switch,
• CX 8360 versions(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below.

IoC’s

-

Recommended Solution(s)

Organizations using the above-mentioned products are recommended to contact their representatives apply applicable patches.

CVE / CWE

CVE-2021-41000, CVE-2021-41001

Related Website(s)

• https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt
• https://nvd.nist.gov/vuln/detail/CVE-2021-41000
• https://nvd.nist.gov/vuln/detail/CVE-2021-41001

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.