Versions
ArubaOS-Switch 16.02.xxxx:All versions.
ArubaOS-Switch 16.08.xxxx:KB/WB/WC/YA/YB/YC.16.08.0026 and below.
ArubaOS-Switch 16.01.xxxx:All versions.
ArubaOS-Switch 16.10.xxxx:KB/WC/YA/YB/YC.16.10.0025 and below.
ArubaOS-Switch 16.03.xxxx:All versions.
ArubaOS-Switch 16.09.xxxx:All versions.
ArubaOS-Switch 16.11.xxxx:KB/WC/YA/YB/YC.16.11.0012 and below.
ArubaOS-Switch 15.xx.xxxx:15.16.0025 and below.
ArubaOS-Switch 16.10.xxxx:WB.16.10.23 and below.
ArubaOS-Switch 16.05.xxxx:All versions.
ArubaOS-Switch 16.07.xxxx:All versions.
ArubaOS-Switch 16.06.xxxx:All versions.
ArubaOS-Switch 16.04.xxxx:KA/RA.16.04.0026 and below.
Recent CVEs
CVE-2023-39268
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-39267
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.
CVE-2023-39266
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.