Featured Story
HPE Aruba Networking fixes critical flaws impacting Access Points
HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices.
The vulnerabilities (CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507) can be exploited by sending specially crafted packets to the PAPI (Aruba’s Access Point management protocol) UDP port (8211) to get privileged access to execute arbitrary code on vulnerable devices.
Affected software versions include:
- AOS-10.6.x.x: 10.6.0.2 and below
- AOS-10.4.x.x: 10.4.1.3 and below
- Instant AOS-8.12.x.x: 8.12.0.1 and below
- Instant AOS-8.10.x.x: 8.10.0.13 and below
Other Stories
Cisco Patches High-Severity Vulnerabilities in IOS Software
Cisco has released patches for 11 vulnerabilities, including six high-severity remote DoS flaws in IOS and IOS XE. These can be exploited by sending crafted packets without authentication.
Third Ivanti Bug Comes Under Active Exploit, CISA Warns
CVE-2024-7593 is an authentication bypass in Ivanti vTM allowing attackers to gain admin access. It has been added to CISA’s Known Exploited Vulnerabilities list.
Safeonweb Campaign 2024: prevent 80% of hacks with two-step verification
As part of European Cybersecurity Month, CCB, Febelfin and the Cyber Security Coalition have launched a nationwide awareness campaign encouraging 2FA adoption.
Contact the Approach Cyber SOC team for tailored support and training programs.
