Controllerless Networks

Reply
Occasional Contributor II
Posts: 18
Registered: ‎03-21-2016

Security Firmware Update

[ Edited ]

Hi,

when can we expect a firmware upgrade which fixes the mentioned vulnerabilities?

Original Disclosure:
http://seclists.org/fulldisclosure/2016/May/19
Aruba Advisory:
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt

We're currently running Firmware 6.4.4.3-42.2.0_53034 on our IAP 205/215.

Thanks in advance

Simon Polack

MVP
Posts: 400
Registered: ‎07-26-2011

Re: Security Firmware Update

[ Edited ]

Hey, in order to resolve the vulnerabilities you will need to upgrade to one of the below versions :

Resolution
==========
Upgrade to IAP version 4.2.3.1 or 4.1.3.0.

I have checked the Aruba Support Site and 6.4.2.6-4.1.3.0 / 6.4.4.4-4.2.3.1 are now available for download.

ACMA, ACMP
If my post addresses your query, give kudos:)
Occasional Contributor II
Posts: 18
Registered: ‎03-21-2016

Re: Security Firmware Update

Thank you for your answer,

 

i've already seen this hint, but i'm unable to find the firmwares here:

http://support.arubanetworks.com/LifetimeWarrantySoftware/tabid/121/DMXModule/661/Default.aspx?EntryId=20388

 

Furthermore the auto update function says: "-- No new version available --"

 

 

 

MVP
Posts: 400
Registered: ‎07-26-2011

Re: Security Firmware Update

The firmware you require is called ArubaInstant_Taurus_6.4.4.3-4.2.2.0_53034 which is for Aruba Instant code for IAP-204/205. I've noticed there is a delay sometimes with the firmware being posted to the download site which is used for the automatic download via the Virtual Controller. You can manually upload the firmware if required to the Virtual Controller.

ACMA, ACMP
If my post addresses your query, give kudos:)
Occasional Contributor II
Posts: 18
Registered: ‎03-21-2016

Re: Security Firmware Update

The Firmware you mentioned is already the one we're running.

Build Time:
2015-12-18 23:46:04 PST
Occasional Contributor II
Posts: 18
Registered: ‎03-21-2016

Re: Security Firmware Update

Can we expect a further answer? There are various high severity security issues out we can't fix without a firmware update. Is there a estiminiation, when the fixed firmware will be public available?

 

Regards

Simon Polack

 

MVP
Posts: 1,357
Registered: ‎11-07-2008

Re: Security Firmware Update

Both versions (4.1.3.0 and 4.2.3.1) are posted on the support site and are available for download. Do you not have a valid support account to retreive them?

Jerrod Howard
Sr. Techical Marketing Engineer
Occasional Contributor II
Posts: 18
Registered: ‎03-21-2016

Re: Security Firmware Update

[ Edited ]
Do you not have a valid support account to retreive them?

No we have not. Our distributor told us, "Software updates are available via webinterface". Actually there a button, but we dont see new updates via this integrated function.

 

Is there another possiblity to get this update?

 

MVP
Posts: 1,357
Registered: ‎11-07-2008

Re: Security Firmware Update

Which IAP model(s) do you have? There is a delay generally from what is put up for auto-download, but without a support contract they are not available immediately after release.

Jerrod Howard
Sr. Techical Marketing Engineer
Occasional Contributor II
Posts: 18
Registered: ‎03-21-2016

Re: Security Firmware Update

We deployed IAP-215, IAP-205.

Search Airheads
Showing results for 
Search instead for 
Did you mean: