Colton Bachman

**Name of the Vulnerable Software and Affected Versions** AOS-8 Instant (affected versions not specified) AOS 10 (affected versions not specified) **Description** A flaw exists in how ethernet frames are processed, potentially allowing a remote attacker to cause a denial of service. Successful exploitation may disrupt network services and require manual intervention to restore functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HPE Aruba Networking Fabric Composer (affected versions not specified) **Description** A privilege escalation issue exists in the web-based management interface of HPE Aruba Networking Fabric Composer. This could allow an authenticated low-privilege operator user to change the state of certain settings of a vulnerable system. The vulnerability is related to weaknesses in the authentication procedure, which could be exploited by a remote attacker to modify system settings. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aruba AirWave Management Platform versions 8.2.15.0 and below **Description** Vulnerabilities in the AirWave Management Platform web-based management interface exist, which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level. **Recommendations** For versions 8.2.15.0 and below, update to a version above 8.2.15.0 to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Aruba AirWave Management Platform versions 8.2.15.0 and below **Description** The issue concerns a lack of proper access controls in the web-based management interface of the AirWave Management Platform, potentially allowing a remote attacker with limited privileges to access sensitive information or modify network configurations with elevated privileges. **Recommendations** For versions 8.2.15.0 and below, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, limit privileges for all users to minimize the risk of exploitation. Avoid using the interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.