2 advisories tracked · HPE Aruba Networking Security Advisories (PSIRT) via NVD · checked automatically every minute
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in Aruba's recent advisories.
HPE Aruba Networking Security Advisories (PSIRT) via NVD
Aruba's PSIRT bulletin portal (arubanetworks.com) is a JavaScript app with no stable public feed, so VulniPulse ingests Aruba's CVEs from NVD. Aruba publishes under the shared HPE CNA (security-alert@hpe.com), which also covers non-networking HPE products — so this feed is filtered to Aruba networking products only (ClearPass, ArubaOS / AOS-8 / AOS-10 controllers & gateways, AOS-CX and ArubaOS-Switch, Instant APs, Aruba Central, Fabric Composer and EdgeConnect/Silver Peak SD-WAN). Each entry links back to the official Aruba/HPE advisory when NVD carries the reference.
Visit HPE Aruba Networking security advisoriesA vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is specific to traffic originated by the CX 9300 switch platform and could allow an attacker to bypass ACL rules applied to routed ports on egress. As a result, port ACLs are not correctly enforced, which could lead to unauthorized traffic flow and violations of security policies. Egress VLAN ACLs and Routed VLAN ACLs are not affected by this vulnerability.
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.