Cybersecurity experts report the detection of two vulnerabilities in Aruba Instant On 1930 enterprise switches, developed by Aruba Networks. According to the report, successful exploitation of these flaws would allow threat actors to cause denial of service (DoS) conditions on affected devices.
Below are brief descriptions of the detected flaws, along with their CVE identifiers and the scores assigned under the Common Vulnerability Scoring System (CVSS).
CVE-2021-41004: Insufficient validation of user-provided input would allow remote threat actors to pass specially crafted input to the application and trigger a denial of service (DoS) condition.
This is a medium-severity flaw and received a CVSS score of 6.5/10.
CVE-2021-41005: Insufficient validation of user-provided input would allow a remote threat actor to pass specially crafted input and trigger a DoS condition.
The flaw received a CVSS score of 5.7/10 and is considered a medium-severity flaw.
According to the report, both flaws affect all Aruba Instant On 1930 switches running v1.0.7.0.
Although both flaws could be exploited by remote threat actors via the Internet, no active exploitation attempts have been detected so far. Still, Aruba Networks security teams recommend that users of affected deployments address the flaws as soon as possible.