HPE Product Security Update Advisory

Overview

Hewlett Packard Enterprise has released security updates to fix vulnerabilities in its products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-42509, CVE-2024-47460, CVE-2024-47461, CVE-2024-47462, CVE-2024-47463

  • AOS-10 versions: 10.4 through 10.4.1.4 (inclusive)
  • Instant AOS-8 versions: 8.12 through 8.12.0.2 (inclusive)
  • Instant AOS-8 versions: 8.10 through 8.10.0.13 (inclusive)

Resolved Vulnerabilities

Unauthenticated command injection vulnerability in the CLI service accessed by the PAPI protocol (CVE-2024-42509)

Unauthenticated command injection vulnerability in the CLI service accessed by the PAPI protocol (CVE-2024-47460)

Command Injection Vulnerability in AOS on HPE Aruba Networking (CVE-2024-47461)

Arbitrary File Creation Vulnerability in AOS on HPE Aruba Networking (CVE-2024-47462, CVE-2024-47463)

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-42509, CVE-2024-47460, CVE-2024-47461, CVE-2024-47462, CVE-2024-47463

  • AOS-10 version: 10.4.1.5 or later
  • AOS-10 version: 10.7.0.0 or later
  • Instant AOS-8 version: 8.12.0.3 or later
  • Instant AOS-8 version: 8.10.0.14 or later

Referenced Sites

[1] CVE-2024-42509 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-42509

[2] CVE-2024-47460 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-47460

[3] CVE-2024-47461 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-47461

[4] CVE-2024-47462 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-47462

[5] CVE-2024-47463 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-47463

[6] hpe/support

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US