Advisory ID: ARUBA-PSA-2021-016 CVE: CVE-2019-5318, CVE-2021-37716, CVE-2021-37717, CVE-2021-37718, CVE-2020-37719, CVE-2021-37720, CVE-2021-37721, CVE-2021-37722, CVE-2021-37723, CVE-2021-37724, CVE-2021-37725, CVE-2021-37728, CVE-2021-37729, CVE-2021-37731, CVE-2021-37733
Publication Date: 2021-Aug-31
Status: Confirmed
Severity: Critical Revision: 1
Aruba Mobility Conductor (formerly Mobility Master), Aruba Mobility Controllers, Access-Points when managed by Mobility Controllers and Aruba SD-WAN Gateways.
Affected versions: Not all vulnerabilities in this advisory affect all ArubaOS branches. If an ArubaOS branch is not listed as affected, it means that any ArubaOS version in that given branch is not affected. For example, the 6.4.x.x and 6.5.x.x branches are not affected by CVE-2021-37717.
Updating a branch of ArubaOS to the version listed in the Resolution section at the end of this advisory resolve all known issues with that branch.
Versions of ArubaOS and SD-WAN that are end of life should be considered to be affected by these vulnerabilities. Impacted customers should plan to migrate to a supported branch. Branches that should be considered to be vulnerable and are not patched by this advisory include: