Controllerless Networks

Reply
Occasional Contributor II

Security Firmware Update

Hi,

when can we expect a firmware upgrade which fixes the mentioned vulnerabilities?

Original Disclosure:
http://seclists.org/fulldisclosure/2016/May/19
Aruba Advisory:
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt

We're currently running Firmware 6.4.4.3-42.2.0_53034 on our IAP 205/215.

Thanks in advance

Simon Polack

Re: Security Firmware Update

Hey, in order to resolve the vulnerabilities you will need to upgrade to one of the below versions :

Resolution
==========
Upgrade to IAP version 4.2.3.1 or 4.1.3.0.

I have checked the Aruba Support Site and 6.4.2.6-4.1.3.0 / 6.4.4.4-4.2.3.1 are now available for download.


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Security Firmware Update

Thank you for your answer,

 

i've already seen this hint, but i'm unable to find the firmwares here:

http://support.arubanetworks.com/LifetimeWarrantySoftware/tabid/121/DMXModule/661/Default.aspx?EntryId=20388

 

Furthermore the auto update function says: "-- No new version available --"

 

 

 

Re: Security Firmware Update

The firmware you require is called ArubaInstant_Taurus_6.4.4.3-4.2.2.0_53034 which is for Aruba Instant code for IAP-204/205. I've noticed there is a delay sometimes with the firmware being posted to the download site which is used for the automatic download via the Virtual Controller. You can manually upload the firmware if required to the Virtual Controller.


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Security Firmware Update

The Firmware you mentioned is already the one we're running.

Build Time:
2015-12-18 23:46:04 PST
Occasional Contributor II

Re: Security Firmware Update

Can we expect a further answer? There are various high severity security issues out we can't fix without a firmware update. Is there a estiminiation, when the fixed firmware will be public available?

 

Regards

Simon Polack

 

Re: Security Firmware Update

Both versions (4.1.3.0 and 4.2.3.1) are posted on the support site and are available for download. Do you not have a valid support account to retreive them?

Jerrod Howard
Sr. Technical Marketing Engineer
Occasional Contributor II

Re: Security Firmware Update

Do you not have a valid support account to retreive them?

No we have not. Our distributor told us, "Software updates are available via webinterface". Actually there a button, but we dont see new updates via this integrated function.

 

Is there another possiblity to get this update?

 

Re: Security Firmware Update

Which IAP model(s) do you have? There is a delay generally from what is put up for auto-download, but without a support contract they are not available immediately after release.

Jerrod Howard
Sr. Technical Marketing Engineer
Occasional Contributor II

Re: Security Firmware Update

We deployed IAP-215, IAP-205.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: