Security Bulletins

Aruba’s Wireless Security Incident Response Team (WSIRT) is a select group of employees who are experienced in handling security issues.

If a security problem or vulnerability is found in an Aruba product, please send us an email with a detailed description of the problem. Once we acknowledge your email, we request five business days to reproduce the reported problem and prepare a response. We appreciate you waiting for our response prior to reporting the problem to others.

Recent Advisories
AID-040814 OpenSSL 1.0.1 library (Heartbleed) vulnerability (CVE-2014-0160)
AID-080113 Apache Struts2 Vulnerability in Aruba Networks ClearPass Policy Manager (CVE-2013-2248, CVE-2013-2251)
AID-050813 Sponsor Confirmation Approval Bypass Vulnerability in Aruba Networks ClearPass Guest product (05/08/13)
AID-042613-1
AID-042613-2
Multiple Vulnerabilities in OpenSSL (CVE-2013-0169, CVE-2013-0166)
AID-042213 Cross Site Scripting vulnerability in ArubaOS Administration WebUI. (03/18/12)
AID-031912 Multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS User Authentication Bypass Vulnerability. (03/19/12)
AID-070611 Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces (06/07/11
AID-013111 Aruba Mobility Controller – multiple advisories: DoS and authentication bypass (01/31/11)
View the Archive

Reporting a Security Problem or Vulnerability

Aruba’s Wireless Security Incident Response Team (WSIRT) should be contacted if a security problem is found with an Aruba product or if there is an external security problem that would cause a serious impact on users connected to an Aruba product.

Emails sent to wsirt@arubanetworks.com are directed to a selected group of Aruba employees who are experienced in handling security issues.

Please use the PGP keys below corresponding to our email addresses for encrypting any sensitive information sent to the WSIRT.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact Aruba Support via phone +1 800 WiFiLan (+1 800 943 4526) / International: +1 408 754 1200 or contact us at support@arubanetworks.com.

PGP Key Info

Key fingerprint: C38D 07D1 BA57 6938 DA7D EF1B A7A2 A28C 0E2A 79F5
Key size: 1024-bit
Key ID: 0xA7A2A28C0E2A79F5
UserID: Aruba Networks WSIRT (wsirt@arubanetworks.com)


—–BEGIN PGP PUBLIC KEY BLOCK—–

Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools – http://gpgtools.org

mQGiBEZwXhoRBADEHlS5oNhEjOf7/bTZybKSgL0FFjAYr9DMqTOMuMcJBrFpkRX/
rb6IqcDMItwh1Tr32tMRtnJLeqQuC5+JIR4mUkC5YY5wJqXpQTompQs9DqFE1Kam
MlXWi5k5GM8ROtUWKwP1/WAJVs9ZtTUqpfsJjKKDmC631ERx1obNMSw4aQCg/27j
9hTJF+mC1SCLB/c4ADkR398D/RN+xqn66CcWSe7UFx54MxMotUpwnvGAUYxbjLtM
jZY2J14Q6kXFoQiWeCcxtQQUS68aw1fvWjVipWQicyOfsTycniQf2V+dLnlnTGK0
I9YQlLmiDokH5q5vItuJFGOHDA/kn3A2UFLjocDvfkTNayDSeiAFQfduZRJSp1qW
9c0fA/0clFLB0SzcaofoOIDF3nF7t8BS4mgXAE5tdss/k7L9b6udV0qJzYp6OnFM
ibkwRPbXt+hrVx1+prYFGP4t7iXLzsQW7vHLANDIZibCqiUNkyQJOUT1j0Rwll+6
VnwSwUmvPSylepgj3rEAq+BxV6OQ/Lj2vHZaJPCl0pI4v9wf7rQuQXJ1YmEgTmV0
d29ya3MgV1NJUlQgPHdzaXJ0QGFydWJhbmV0d29ya3MuY29tPoiWBBARAgBWBQJG
cF4aMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29tcGdw
bWltZQYLCQgHAgoCGQEFGwMAAAADFgIBBR4BAAAABBUICQoACgkQp6KijA4qefWm
9gCg45Nn3kpZQ3PJ8xAP9iwG7Y/ba1AAnR7dc9JEjJQz9s8huzT1vEz5pJ9juQIN
BEZwXhoQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoBp1ajFOmPQFXz
0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnhV5JZzf24rnRP
xfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI/VhOSdvN
ILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjTNP18F1dD
ox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMI
PWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICCACnId9+e2hf76a85YNXXhyjGpWF
VtphdW5SUQgPQs/bse1gtgV8oQuI5SO/+bDPctKMnZ2tVyuTvdv4+P9QWlF26sqb
tsAlG6Ng/2dN37HmCL9cMnFJoPjG8jvb+zOty/qTfirhrZtelepBgetELzqfQiBO
WGKhI9VOD/tTYtAGH+XIgjDztDoR2puhvmI+6IXqSCOd7ML7qnQaoYtpV0B46xl9
5garjai9n9x7BM3oGKCZJfrxjxzRlWhH2nyPIy2Bf/EVC6Jvl+iXJdJxhszOgPAK
wXHWigUEvn3VWjS+08ZrAaiO9hyNt7tySBM117t6CS6OQLrZztbmVQYvqz/ViEwE
GBECAAwFAkZwXhoFGwwAAAAACgkQp6KijA4qefXaAgCgz+gZKvRMecYnrcBYBhrK
lB5eiLoAnA7GP/DYxr46bTuMaurizL5DZYG7
=AVIP
—–END PGP PUBLIC KEY BLOCK—–