
HPE Aruba CX switches

Our experts keep you up-to-date on critical cyber threats (CVEs)

Critical vulnerability (CVSS 9.8) in Aruba AOS-CX switches. Find out which versions are affected and what update is needed to secure your network.

With this notification, we inform you about a critical vulnerability within HPE Aruba Networking, specifically on Aruba CX switches. This vulnerability enables unauthorised access and requires urgent action.

What is going on?

Hewlett Packard Enterprise (HPE) has discovered a series of vulnerabilities in Aruba AOS-CX, one of which is a critical ‘authentication bypass’. It allows a hacker to bypass existing security controls via the web interface and, in some cases, even reset the admin password, leading to full control of the switch.

Several ‘command injection’ problems have also been confirmed.

Affected software versions

The vulnerabilities affect all AOS-CX installations running the following versions:

  • 10.17.xxxx: 10.17.0001 and below
  • 10.16.xxxx: 10.16.1020 and below
  • 10.13.xxxx: 10.13.1160 and below
  • 10.10.xxxx: 10.10.1170 and below

For more information, visit HPE's website: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US

Take action

An update to the latest firmware released by HPE is necessary. Specifically, you need to upgrade to 10.10.1180, 10.13.1161, 10.16.1030 or 10.17.1001 (or newer), as all earlier versions are vulnerable.

We recommend doing this as soon as possible to prevent unauthorised users from accessing the management interface.
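
A version check against the fixed releases listed above, as an added example (not code from VanRoey or HPE). The inventory, the hostnames and the optional two-letter platform prefix on version strings are assumptions; branches this page does not list are reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases per branch, taken from the "Take action" paragraph above.
FIXED = {(10, 10): 1180, (10, 13): 1161, (10, 16): 1030, (10, 17): 1001}

# Assumption: versions may carry a platform prefix such as "FL." before the
# numeric part; the prefix is ignored for the comparison.
VERSION_RE = re.compile(r"^(?:[A-Za-z]{2}\.)?(\d+)\.(\d+)\.(\d+)$")


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed', 'unlisted' or 'unparsed' for one version."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, build = (int(g) for g in m.groups())
    fixed_build = FIXED.get((major, minor))
    if fixed_build is None:
        # Branch not named on this page: do not guess, check the HPE bulletin.
        return "unlisted"
    return "fixed" if build >= fixed_build else "vulnerable"


def triage(inventory: dict) -> dict:
    """Group switch names by status so patching can be prioritised."""
    result = {"vulnerable": [], "fixed": [], "unlisted": [], "unparsed": []}
    for name, version in sorted(inventory.items()):
        result[classify(version)].append(name)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "core-sw1": "FL.10.13.1160",
    "core-sw2": "10.13.1161",
    "access-sw1": "10.10.1170",
    "access-sw2": "ML.10.16.1030",
    "dist-sw1": "10.17.0001",
    "lab-sw1": "10.14.1000",
    "lab-sw2": "unknown",
}

if __name__ == "__main__":
    for status, names in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(names) or '-'}")
```

Switches reported as "unlisted" or "unparsed" need a manual check against the HPE bulletin linked above.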

What does VanRoey do?

  • Managed Services customers do not have to do anything: we have already scanned your environment and updated it where necessary.
  • Don't have a Managed contract but want support in checking, patching or securing your switches? Then contact us via support@vanroey.be.
