Aruba fixes networking device flaws that could open doors for hackers
Wireless networking device manufacturer Aruba Networks has fixed multiple vulnerabilities in its software that could, under certain circumstances, allow attackers to compromise devices.
The vulnerabilities were discovered by Sven Blumenstein from the Google Security Team and affect ArubaOS, Aruba’s AirWave Management Platform (AMP) and Aruba Instant (IAP).
There are 26 different issues, ranging from privileged remote code execution to information disclosure, insecure updating mechanism and insecure storage of credentials and private keys. However, Aruba combined them all under two CVE tracking IDs: CVE-2016-2031 and CVE-2016-2032.
Common issues that are shared by all of the affected software packages have to do with design flaws in an Aruba proprietary management and control protocol dubbed PAPI.