Security Bulletins

Aruba’s Security Incident Response Team (SIRT) is a select group of employees who are experienced in handling security issues.

If a security problem or vulnerability is found in an Aruba product, please send us an email with a detailed description of the problem. Once we acknowledge your email, we request five business days to reproduce the reported problem and prepare a response. We appreciate you waiting for our response prior to reporting the problem to others.

Recent Advisories
AID-040814 OpenSSL 1.0.1 library (Heartbleed) vulnerability (CVE-2014-0160)
AID-080113 Apache Struts2 Vulnerability in Aruba Networks ClearPass Policy Manager (CVE-2013-2248, CVE-2013-2251)
AID-050813 Sponsor Confirmation Approval Bypass Vulnerability in Aruba Networks ClearPass Guest product (05/08/13)
AID-042613-1
AID-042613-2
Multiple Vulnerabilities in OpenSSL (CVE-2013-0169, CVE-2013-0166)
AID-042213 Cross Site Scripting vulnerability in ArubaOS Administration WebUI. (03/18/12)
AID-031912 Multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS User Authentication Bypass Vulnerability. (03/19/12)
AID-070611 Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces (06/07/11
AID-013111 Aruba Mobility Controller – multiple advisories: DoS and authentication bypass (01/31/11)
View the Archive

Reporting a Security Problem or Vulnerability

Aruba’s Security Incident Response Team (SIRT) should be contacted if a security problem is found with an Aruba product or if there is an external security problem that would cause a serious impact on users connected to an Aruba product.

Emails sent to sirt@arubanetworks.com are directed to a selected group of Aruba employees who are experienced in handling security issues.

Please use the PGP keys below corresponding to our email addresses for encrypting any sensitive information sent to the SIRT.

If you are a currently experiencing a network outage or need help configuring a security feature, please contact Aruba Support via phone +1 800 WiFiLan (+1 800 943 4526) / International: +1 408 754 1200 or contact us at support@arubanetworks.com.

PGP Key Info

Key fingerprint: 31DE 693F 9127 6C6E D8D1 FA39 98FE 09CA 4585 86D9
Key size: 2048-bit
Key ID: 458586D9
UserID: Aruba Networks SIRT (sirt@arubanetworks.com)


—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v2.0.22 (MingW32)

mQENBFNISKQBCAC5cFxFspCva7qTbxSA9pdPxEiXGm1WgwmRgUFkzjhfq1lwhbRR
UmBjttkDIqZRlao7AI77uj65vbv4+/10iIbUC+vl3uR1Y8/60j4EW78C8ICUcLcr
qWja3fq1HELXgPx4VVEw1rE8zyCh30VdmZImDitljYuh9vFDVVHwOd3ID5XXeDaT
IhJnshtRGj5otHfyAgbyAgVEZYHsSOEcqqtSQY7k5v9NbvDR2F1hIrXTxrt+vk+I
VJyRHeThPt+zqFwcfTYvvflWDYfYod5Zm45OQADu2VCUuWQzRUbawRyCTHlEmIV+
rvA+BvTl3R0DhmHwXG6ZOzUs4q+bu6qV4FtRABEBAAG0R0FydWJhIE5ldHdvcmtz
IFNlY3VyaXR5IEluY2lkZW50IFJlc3BvbnNlIFRlYW0gPHNpcnRAYXJ1YmFuZXR3
b3Jrcy5jb20+iQE5BBMBAgAjBQJTSEikAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQmP4JykWFhtl7zggAlbqIzHp87484mItXy0k2hL1GzGnn9UjRQJSv
p+tu+eMCKkzdXRlbBv763fwJX9yHfLgXcgRLF6VHRaV9Mp5tknLmEU8VgA9MzKid
/LWrWR7T5aEw20N55EQMNYSYR2tw2fMl2wt0dp4BLfIRiDheqIGLLQkGj4w7gEGy
+VwaLza4RO3eJMKqvIrGkY069vlARGBgt8T8RxS7DR+qea2vM2AVMsyZUS5gnkPK
XxDp3FclIx1J9HHM60sCQEMj6R9nEAWdsFgniGG9hEpEFFi1g2NHVwk0C6kqNugI
ptGUMDxOkyeN/WcPPTy5FtholN9pdYVQ09ipT96VqLkd19+N8IhGBBARAgAGBQJT
SEltAAoJEKeioowOKnn1DEUAn1HzL1s8od0ec97aHL/6SXziMZU1AKDt0KwW9Ve/
Br+iUOUjK/OAYsQBwYkBHAQQAQIABgUCU0hJqQAKCRAODN8nTHHBM76cCACbiPHZ
3zWSJGXVNrRyF1//aIwZOHHIz6lGVJktEeAKM/8mQX69hTMPtnAilpu1M+aslAa+
MpeoWgiOBiR70gbWpuqzyh04imrEQote0P0R8BEBlDupiTp+TSHAVUgd2KBEqwiZ
nxVnn2p/TQ2g/qI/N4T1jBKjVSlchFIytBPLja4cuKFT2c2PQMfxC3X0Q5tgtrh+
j08YOaH2ClPQeYQgvFatVTM9MpjEAQ9SHHk5+6PQGeXKbkH7SSxkShinEfOPp9uB
Zd766OhZK8EbG7XBN2Vt/p6wIDivI/R6T2Mm9kt8/RNaUYfErCxqlS98h83/yGbx
RlUf1JTLerUviubRuQENBFNISKQBCACsZ8FTZYtAVQi+tssIgDy6UoudODKLkqYB
fpjFie/e2tFA7Ts04u/HvZ03y4cwBxz3j4W85CEbY46AJIlecgqh5EAdDWGcF5tk
06kcWJ3gLP/9NUBX1bSWxIZuj4MPQ2voF7duP+Y1JRyOsolihcip2Io9f5SeO4UZ
cCrnOoaPPk+gIynV+g5M6WB7H8HFJvqcf26MxkUzvftX0BuBjWqm4/WifHOq3jxJ
PsN5r3dlCyTRz268vq2LJ7VV6PFFUNrK4Jlv/4cM3TKBmf8MUoViJvoOqQ0cCA4e
PtYBk/nVwxvN+apzzc0aTgIfqg8NLDztGdYzjBaXPp3LByi1cEODABEBAAGJAR8E
GAECAAkFAlNISKQCGwwACgkQmP4JykWFhtmAgwf/biZSzik89VaLvfEO7KyGrZk+
GIAgndJg4JysSBn0bnPZDSrakMKe5pqUhqnrD3uAFhMAJPM1q5sD60pJJr5upXSO
KD4xnt9u3trLKIefjTaxmlIKrZRGM9B9oRP1MFyF86He8NruDErbnyrskdGpdSNa
o8jJDNCsWW771n3SppPHqQMsU0zu4G3+/Ty2UcJRFLxzY7br5gmMrTrmoIoSu1NT
zmSd9r1wHxlRyKsVBLZBgzG5emvbYFtxzb5kPHYOxgUP1reRK1LkqUkqJVs0e0hO
SMDc0wd4pS/yiOD+oMoQDJ0n6u7A51rieaoXNGwpb1U1+x1G/QetUI0f+xBjeQ==
=szRG
—–END PGP PUBLIC KEY BLOCK—–