漏洞类别:Hardware
漏洞等级: 
漏洞信息
Aruba Networks provides data networking solutions for enterprises and businesses worldwide.
ArubaOS suffers from multiple vulnerabilities:
Buffer Over-read Leads to Information Disclosure
CVE-2015-8605: DHCP Denial of Service Vulnerability
CVE-2016-0801,CVE-2016-0802: Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver
Affected Versions:
ArubaOS 6.3
ArubaOS 6.4.2.x prior to 6.4.2.16
ArubaOS 6.4.3.x prior to 6.4.3.7
ArubaOS 6.4.4.x prior to 6.4.4.5
Detction Logic:
This QID gets the vulnerable ArubaOS version via SNMP
漏洞危害
Depending on the vulnerability being exploited, an attacker can read uninitialized memory, execute arbitrary code or perform Denial of Service attack.
解决方案
Please refer to ARUBA-PSA-2016-007 for more information about patching these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论