PT-2019-11081 · Aruba · Arubaos

Published: 2019-09-04 · Updated: 2019-09-16 · CVE-2018-7081

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ArubaOS (affected versions not specified)
Description: A remote code execution issue is present in network-listening components. An attacker could exploit this by transmitting specially-crafted IP traffic to a mobility controller, potentially causing a process crash or executing arbitrary code with full system privileges, leading to complete system compromise. The attack requires the ability to transmit traffic to an IP interface on the mobility controller and leverages the PAPI protocol (UDP port 8211). If the mobility controller only bridges L2 traffic and does not have an accessible IP address, it cannot be attacked.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-7081

Affected Products

Arubaos