Summary: HPE Aruba Networking has issued a security advisory regarding multiple command injection vulnerabilities in its 501 Wireless Client Bridge, allowing authenticated attackers to execute arbitrary commands. Users are urged to upgrade to the latest software version to mitigate these risks.
Threat Actor: Authenticated attackers
Victim: HPE Aruba Networking device users
Key Points:
- Multiple command injection vulnerabilities tracked as CVE-2024-54006 and CVE-2024-54007 exist in the web interface of the 501 Wireless Client Bridge.
- Successful exploitation could allow attackers to execute arbitrary commands as a privileged user on the underlying operating system.
- Users are strongly advised to upgrade to software version V2.1.2.0-B0033 to address these vulnerabilities.
- As a temporary measure, restrict access to management interfaces to minimize exploitation risk.
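
To check a device inventory against the fixed release named above, the following added example (not part of the advisory or any HPE tooling) flags bridges that still need the upgrade. It assumes version strings follow the `V<a>.<b>.<c>.<d>-B<build>` pattern of the fixed version and order numerically field by field; the hostnames and the other versions in the sample inventory are constructed.

```python
import re

# Fixed release named in the advisory summary above.
FIXED_VERSION = "V2.1.2.0-B0033"

# Assumed format: V<a>.<b>.<c>.<d>-B<build>, compared numerically field by field.
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)\.(\d+)-B(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Return a comparable tuple of ints, or None if the string does not match."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def audit(inventory, fixed=FIXED_VERSION):
    """Classify each (host, version) pair as 'patched', 'needs_upgrade' or 'unknown'."""
    fixed_t = parse_version(fixed)
    report = {}
    for host, version in inventory:
        parsed = parse_version(version)
        if parsed is None:
            # Unparseable string: verify by hand rather than assuming it is safe.
            report[host] = "unknown"
        elif parsed >= fixed_t:
            report[host] = "patched"
        else:
            report[host] = "needs_upgrade"
    return report


# Constructed sample inventory (hostnames and non-fixed versions are made up).
SAMPLE_INVENTORY = [
    ("bridge-01", "V2.1.2.0-B0033"),   # exactly the fixed release
    ("bridge-02", "V2.1.1.0-B0030"),   # older release
    ("bridge-03", "v2.1.2.0-b0040"),   # later build, lower-case spelling
    ("bridge-04", "V2.1.10.0-B0001"),  # 10 > 2 numerically, not as a string
    ("bridge-05", "2.1.2"),            # does not match the assumed format
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` should be treated as unverified until their version is confirmed.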