First published: Tue Nov 14 2023(Updated: )
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
|Affected Software||Affected Version||How to fix|
CVE-2023-45616 is a buffer overflow vulnerability in the AirWave client service that allows for unauthenticated remote code execution.
CVE-2023-45616 can be exploited by sending specially crafted packets to the PAPI UDP port, which triggers a buffer overflow and allows for remote code execution.
CVE-2023-45616 has a severity rating of 9.8 (Critical).
ArubaOS versions between 10.3.0.0 and 10.4.0.3, and version 10.5.0.0, as well as HP InstantOS versions between 188.8.131.52 and 184.108.40.206, 220.127.116.11 and 18.104.22.168, and 22.214.171.124 and 126.96.36.199 are affected by CVE-2023-45616.
To fix CVE-2023-45616, users should apply the latest security patches provided by Aruba Networks or HP, depending on the affected software.