1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Aruba fixes networking device flaws that could open doors for hackers

Discussion in 'Network World' started by RSS, May 9, 2016.

  1. RSS

    RSS New Member Member

    Wireless networking device manufacturer Aruba Networks has fixed multiple vulnerabilities in its software that could, under certain circumstances, allow attackers to compromise devices.

    The vulnerabilities were discovered by Sven Blumenstein from the Google Security Team and affect ArubaOS, Aruba's AirWave Management Platform (AMP) and Aruba Instant (IAP).

    There are 26 different issues, ranging from privileged remote code execution to information disclosure, insecure updating mechanism and insecure storage of credentials and private keys. However, Aruba combined them all under two CVE tracking IDs: CVE-2016-2031 and CVE-2016-2032.

    Common issues that are shared by all of the affected software packages have to do with design flaws in an Aruba proprietary management and control protocol dubbed PAPI.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page