1.0 Introduction
Recently, RADIUS protocol released a critical vulnerability in the RADIUS protocol, which is used for device and user authentication.
2.0 Impact
The vulnerability in the RADIUS protocol allows attackers to bypass authentication and gain unauthorized access to sensitive network resources.
3.0 Affected Products
- EdgeConnect SD-WAN Gateways: All supported software releases
- EdgeConnect SD-WAN Orchestrators: All supported software releases
- Switches running AOS-CX: All supported software releases
- WLAN Gateways and SD-WAN Gateways running AOS-10:
- AOS-10.6.0.2 and below
- AOS-10.4.1.3 and below
- Mobility Controllers running AOS-8:
- AOS-8.12.0.1 and below
- AOS-8.10.0.13 and below
- Access Points running Instant AOS-8 and AOS-10: All supported software releases
- AirWave Management Platform: 8.3.0.2 and below
- ClearPass Policy Manager: 6.12.1 and below, 6.11.8 and below
- Aruba Fabric Composer: 7.1.0 and below
- Networking Instant On: Switches (1930, 1960) and Access Points with firmware versions ? 3.0.0.0 in local mode
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the following advisory and apply the necessary updates:
Kindly refer to the following URLs for more information: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04662en_us&docLocale
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact the Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
5.0 References