Robbie Gill

**Name of the Vulnerable Software and Affected Versions** Aruba Mobility Controller versions 2.4.8.x-FIPS through 3.3.2.x **Description** The issue allows remote attackers to cause a denial of service, resulting in a device crash, by sending a malformed Extensible Authentication Protocol (EAP) frame. **Recommendations** For versions 2.4.8.x-FIPS through 3.3.2.x, consider restricting access to EAP frames until a patch is available. As a temporary workaround, disabling EAP authentication may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Aruba Mobility Controller versions 2.3.6.15 through 2.5.5.7 Aruba Mobility Controller version 2.4.8.11-FIPS **Description** The issue concerns an unspecified vulnerability in the LDAP authentication feature. This vulnerability allows remote attackers to bypass authentication mechanisms, potentially obtaining management or VPN interface access. **Recommendations** For Aruba Mobility Controller versions 2.3.6.15 through 2.5.5.7, update to a version later than 2.5.5.7 to resolve the issue. For Aruba Mobility Controller version 2.4.8.11-FIPS, update to a version later than 2.4.8.11-FIPS to resolve the issue.