menu
close
close

Follow us

Social Media
Social Media
Social Media
Social Media
Social Media

Experienced a potential cyberattack or suspicious activity?

What are you looking for?
close
    home icon for breadcrumb
  1. Home
  2. Stay Alert
  3. All Threats
  4. Command Injection Vulnerabilities in HPE Aruba
  • published 1/21/25 9:03 AM
  • updated 09 January 2025
  • 3 Min Read

Command Injection Vulnerabilities in HPE Aruba

Alert Rating

High

Audience

Corporations, Government

On this page

Command Injection Vulnerabilities in HPE Aruba

HPE Aruba Networking has published a security advisory addressing command injection vulnerabilities in the 501 Wireless Client Bridge. These flaws could allow authenticated attackers to execute arbitrary commands with privileged access on affected devices. A proof-of-concept exploit has been publicly released, increasing the urgency for patching.

Vulnerabilities Overview:

  • CVE-2024-54006 & CVE-2024-54007
  • Severity: Both vulnerabilities are rated as High (CVSS score 7.2).
  • Impact: These vulnerabilities allow authenticated attackers with administrative privileges to execute arbitrary commands on the 501 Wireless Client Bridge. Successful exploitation could provide attackers with full control over the device’s underlying operating system.
  • Exploitability: Exploitation requires administrative credentials, but the attacker can gain complete control over the device once successfully exploited.

 

Affected Software Versions:

  • 501 Wireless Client Bridge V2.1.1.0-B0030 and below

 

Fixed Versions:

  • V2.x.x.x: V2.1.2.0-B0033 and above

Attachments

Command Injection Vulnerabilities in HPE Aruba.pdf

0.23 MB

Take Action

Protect yourself
  • Immediately upgrade affected devices to fixed version.
  • Conduct a thorough security audit of all Aruba devices in your network.
  • Monitor for any suspicious activities or unauthorized access attempts.
  • Implement strong authentication mechanisms and regularly rotate administrative credentials.
     

Attachments

Stay Connected

Follow our channels
Follow our social media channels to stay up to date.
Social Icon Social Icon Social Icon Social Icon Social Icon

Take Action

Spread Awareness

Share this threat to raise awareness and help others stay alert

GET INVOLVED

Make a Difference
Get involved with CSC and play a part in safeguarding the UAE's digital landscape.

Other Threats

20 January 2025

Alert rating

Critical

Critical Vulnerability in F5 Traffix SDC

A critical vulnerability has been discovered in F5 Traffix SDC, linked to Apache Tomcat, which could allow attackers to gain unauthorized access to compromised systems.

Protecting

Corporations, Government

share share

17 January 2025

Alert rating

High

Security Updates - NVIDIA

NVIDIA has released security updates to address multiple vulnerabilities in the NVIDIA Container Toolkit and NVIDIA GPU Operator.

Protecting

Corporations, Government

share share

16 January 2025

Alert rating

Critical

Critical Vulnerability in FortiSwitch Devices

A critical vulnerability (CVE-2023-37936) has been discovered in multiple versions of Fortinet FortiSwitch devices. This vulnerability, classified as a use of hard-coded cryptographic key [CWE-321], allows a remote unauthenticated attacker in possession of the key to execute unauthorized code via crafted cryptographic request.

Protecting

Corporations, Government

share share
Report an Incident
Get Involved

Follow us

Social Media
Social Media
Social Media
Social Media
Social Media

© 2025 CYBER SECURITY COUNCIL UAE. All rights reserved.

Privacy Policy Terms & Conditions