Wireless Access

 View Only

  • 1.  Patch SLAs

    Posted Feb 06, 2025 11:06 AM

    Would like to know if Aruba has vulnerability patch/remediation SLAs for Critical Vulnerabilities?   And if so where is it published.   I am already signed up for notifications but management wants to see the published SLA Aruba follows in general.  Controllers/Gateways, AOS/CX switches, Airwave, CPPM included.

    Thanks for any assistance.



  • 2.  RE: Patch SLAs

    Posted Feb 07, 2025 04:41 AM

    I think the question is more to do with how Aruba managed Critical Vulnrabilities.  For example, as a lot of their technologies are based on a Linux back-end, one CVSS will have a ripple effect across all their products.  However, in keeping with a lot of manufacturers, they won't publish the fact that they have a Crit.Vuln until they have a patch for it.  The bad guys are out there constantly looking for holes in systems; if Aruba published the fact they had a problem before providing a patch/fix for it, then there is a probability that their systems would be constantly suffering from being p*rn'd.

    I'm assuming that you are asking about how long it takes for Aruba/HPE to impliment a fix after its been identified.  That is going to be a question for your Aruba/HPE account manager and depends on Aruba/HPE's engineering internal resources.  I don't remember ever seeing a document saying that "if we are aware of a problem we'll fix it in xx days".


    Original Message


  • 3.  RE: Patch SLAs

    Posted Feb 09, 2025 11:20 PM

    "I'm assuming that you are asking about how long it takes for Aruba/HPE to implement a fix after its been identified."

    Yes this is correct.    HPE/Aruba as a security focused network team should have SLAs around patching.  My account team did get back to me with a response that is not published anywhere.  It was a bit discouraging to be honest and came from one of their security teams.  I will have to report back to management what I was provided but I know its not going to go over well with them.  :-(

    Thank you for your reply and assistance with this.


    Original Message


  • 4.  RE: Patch SLAs

    Posted Feb 07, 2025 05:00 AM
    Hello,
     
    Yes of course, you can access the HPE Aruba vulnerability bulletin from this bulletin, with the patches that will be released to cover that vulnerability.
    https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US#sort=%40hpescuniversaldate%20descending&layout=table&numberOfResults=25&f:@kmdoclanguagecode=[cv1871440]&hpe=1
    Best Regards


    ------------------------------
    Daniel Ruiz
    -----------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
    Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message


  • 5.  RE: Patch SLAs

    Posted Feb 09, 2025 11:14 PM

    Thanks Daniel, I have this already but it does not provide the details I am looking for.  I appreciate the response none the less.


    Original Message


  • 6.  RE: Patch SLAs

    Posted Feb 07, 2025 10:22 AM

    https://support.hpe.com/hpesc/public/docDisplay?docId=a00100637en_us&docLocale=en_US



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------

    Original Message


  • 7.  RE: Patch SLAs

    Posted Feb 09, 2025 11:16 PM

    Thanks Chulcher, I have this already but it does not provide the details I am looking for.  I appreciate the response none the less.


    Original Message


  • 8.  RE: Patch SLAs

    Posted Feb 10, 2025 12:23 PM

    The point is that any communication on security vulnerabilities MUST go through that team, so your question really needs to be answered by them.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------

    Original Message


Related Content