HPE Aruba Networking has released a security advisory to address multiple vulnerabilities impacting Aruba Access Points running InstantOS and ArubaOS 10. The security advisory addressed 18 vulnerabilities, out of which eight are rated as critical. All the critical severity vulnerabilities have been given a CVSS score of 9.8.
Tag: Aruba
Aruba AirWave Web-Based Management Interface Stored Cross Site Scripting (XSS) Vulnerability (CVE-2021- 37715)
Earlier this year, Qualys discovered a heap-based buffer overflow in Sudo, named ‘Baron Samedit’ (CVE-2021-3156). Baron Samedit A vulnerability in the command line parameter parsing code of Sudo could allow an attacker with access to Sudo to execute commands or binaries with root privileges. Baron Samedit is exploitable by any local user (normal users and … Continue reading “Aruba AirWave Web-Based Management Interface Stored Cross Site Scripting (XSS) Vulnerability (CVE-2021- 37715)”
BLEEDINGBIT Vulnerability
Two critical vulnerabilities have been discovered in BLE (Bluetooth Low Energy) chips manufactured by Texas Instruments (TI). The vulnerabilities have been named BLEEDINGBIT. As this vulnerability affects the BLE chips, any device using said hardware is a potential target for exploitation. The following CVEs have been assigned to track BLEEDINGBIT vulnerability. BLEEDINGBIT RCE vulnerability (CVE-2018-16986) BLEEDINGBIT … Continue reading “BLEEDINGBIT Vulnerability”