HPE Aruba Networking released security updates addressing four critical remote code execution (RCE) vulnerabilities in the ArubaOS network operating system. The vulnerabilities, CVE-2024-26305, CVE-2024-26304, CVE-2024-33511, and CVE-2024-33512, are unauthenticated buffer overflow issues that could be exploited by sending specially crafted packets through the PAPI Protocol. These flaws could allow attackers to remotely execute arbitrary code, compromising the affected system's security
The impacted products include Mobility Conductor, Mobility Controllers, WLAN Gateways, and SD-WAN Gateways managed by Aruba Central, with specific software versions listed for each affected product. ```https://securityaffairs.com/162663/security/hpe-aruba-networking-critical-flaws.html