Controllerless Networks

last person joined: 19 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Security Firmware Update

This thread has been viewed 5 times

  • 1.  Security Firmware Update

    Posted May 19, 2016 04:27 AM

    Hi,

    when can we expect a firmware upgrade which fixes the mentioned vulnerabilities?

    Original Disclosure:
http://seclists.org/fulldisclosure/2016/May/19
Aruba Advisory:
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt

    We're currently running Firmware 6.4.4.3-42.2.0_53034 on our IAP 205/215.

    Thanks in advance

    Simon Polack



  • 2.  RE: Security Firmware Update

    MVP EXPERT
    Posted May 19, 2016 05:45 AM

    Hey, in order to resolve the vulnerabilities you will need to upgrade to one of the below versions :

    Resolution
    ==========
    Upgrade to IAP version 4.2.3.1 or 4.1.3.0.

    I have checked the Aruba Support Site and 6.4.2.6-4.1.3.0 / 6.4.4.4-4.2.3.1 are now available for download.



  • 3.  RE: Security Firmware Update

    Posted May 19, 2016 05:57 AM

    Thank you for your answer,

     

    i've already seen this hint, but i'm unable to find the firmwares here:

    http://support.arubanetworks.com/LifetimeWarrantySoftware/tabid/121/DMXModule/661/Default.aspx?EntryId=20388

     

    Furthermore the auto update function says: "-- No new version available --"

     

     

     



  • 4.  RE: Security Firmware Update

    MVP EXPERT
    Posted May 19, 2016 06:01 AM

    The firmware you require is called ArubaInstant_Taurus_6.4.4.3-4.2.2.0_53034 which is for Aruba Instant code for IAP-204/205. I've noticed there is a delay sometimes with the firmware being posted to the download site which is used for the automatic download via the Virtual Controller. You can manually upload the firmware if required to the Virtual Controller.



  • 5.  RE: Security Firmware Update

    Posted May 19, 2016 06:04 AM

    The Firmware you mentioned is already the one we're running.

    Build Time:
    2015-12-18 23:46:04 PST


  • 6.  RE: Security Firmware Update

    Posted May 25, 2016 04:52 AM

    Can we expect a further answer? There are various high severity security issues out we can't fix without a firmware update. Is there a estiminiation, when the fixed firmware will be public available?

     

    Regards

    Simon Polack

     



  • 7.  RE: Security Firmware Update

    EMPLOYEE
    Posted May 25, 2016 08:22 AM

    Both versions (4.1.3.0 and 4.2.3.1) are posted on the support site and are available for download. Do you not have a valid support account to retreive them?



  • 8.  RE: Security Firmware Update

    Posted May 25, 2016 08:37 AM
    Do you not have a valid support account to retreive them?

    No we have not. Our distributor told us, "Software updates are available via webinterface". Actually there a button, but we dont see new updates via this integrated function.

     

    Is there another possiblity to get this update?

     



  • 9.  RE: Security Firmware Update

    EMPLOYEE
    Posted May 25, 2016 08:57 AM

    Which IAP model(s) do you have? There is a delay generally from what is put up for auto-download, but without a support contract they are not available immediately after release.



  • 10.  RE: Security Firmware Update

    Posted May 25, 2016 09:02 AM

    We deployed IAP-215, IAP-205.



  • 11.  RE: Security Firmware Update
    Best Answer

    EMPLOYEE
    Posted May 25, 2016 09:07 AM

    Do you need 4.1 or 4.2? I can pull it down for you, but it won't be a normal thing.



  • 12.  RE: Security Firmware Update

    Posted May 25, 2016 09:09 AM

    Thank you. We need 4.2.