Aruba developers have released security updates and workarounds to patch multiple security vulnerabilities affecting ClearPass Policy Manager. Exploitation of these flaws could result in denial of service condition, information disclosure, authentication bypass, arbitrary code execution on the affected system. According to security advisory, the flaws are fixed in ClearPass Policy Manager versions 6.10.5, 6.9.10, 6.8.9-HF3. Aruba developers have also released security advisory to address critical vulnerabilities (CVE-2022-23676, CVE-2022-23677) affecting Aruba 5400R Series Switches, Aruba 3810 Series Switches, Aruba 2920 Series Switches, Aruba 2930F Series Switches, Aruba 2930M Series Switches, Aruba 2530 Series Switches, Aruba 2540 Series Switches. Exploitation of these vulnerabilities allow for attackers to execute arbitrary code on the affected device.

Aruba developers have also released security advisory for Denial of Service vulnerability (CVE-2022-0778) in OpenSSL affecting Aruba products.

Source: arubanetworks.com