Vulnerability: Attackers could compromise Aruba switches
A vulnerability in Aruba’s AOS-CX network operating system puts some of the manufacturer’s switch models at risk.
According to an alert, the vulnerability (CVE-2023-1168) has a threat level of “high“ classified. The vulnerability affects the Network Analytics Engine. An authenticated attacker could start a malicious code attack there in order to completely compromise devices. How an attack could proceed is not yet known.
Specifically, these models are vulnerable:
- Aruba CX 10000 Switch Series
- Aruba CX 9300 Switch Series
- Aruba CX 8400 Switch Series
- Aruba CX 8360 Switch Series
- Aruba CX 8325 Switch Series
- Aruba CX 8320 Switch Series
- Aruba CX 6400 Switch Series
- Aruba CX 6300 Switch Series
- Aruba CX 6200F Switch Series
Aruba advises that out-of-support versions of network operating systems and devices are also likely to be at risk. Such issues no longer receive security updates.
To arm switches against the attack, admins must install one of the following versions: