Aruba Networks End-of-life Product Announcements

Date May 15, 2014 Author Comments Leave your thoughts
Aruba Networks Logo

Aruba Networks announces affects of the Heartbleed bug.

Aruba Networks have announced that certain Operating Systems (OS) platforms are to be made end of life. A two-step procedure, starting on the 1st November 2014, development of the OS 6.1.X software will end, and the platform will become end-of-life on May 1st 2015.

On 30th November 2014 the development of OS 6.2.X will also cease and the platform will become end-of-life on May 31st 2015.

Find out more here…

What this means for you, the consumer, currently running and using these OS platforms on your controllers:

Once the development of the above operating systems has lapsed, and if an issue is found within your current deployment, Aruba Networks will be unable to offer support. It is possible that an investigation will take place on order to identify any bugs in order to mitigate reoccurring issues in future releases of OS codes.

Ensign recommends that existing Aruba Networks customers should upgrade their Operating Systems to a later version. If necessary, Ensign can recommend a version of code to suit your current deployment if required; you can contact us here info@ensign-net.co.uk.

Based on the above information, if you have upgraded recently to 6.3.1.3 you should be made aware of the following vulnerability…

Aruba Networks recently announced that the OpenSSL 1.0.1 library (Heartbleed) vulnerability had affected some OS versions across Aruba Controller OS and the Aruba ClearPass Management System.

To summarise:

There is a very serious vulnerability that has been discovered in the OpenSSL 1.0.1 library. This vulnerability can allow an external attacker to extract segments of memory from a remote system without leaving any traces. This memory could contain vital security information, including private keys. These keys, in turn, could be used to mount a man-in-the-middle attack.

AFFECTED OS VERSIONS: Aruba OS 6.3.x, 6.4.xClearPass 6.1.x, 6.2.x, 6.3.x

Previous versions of these products used an earlier version of OpenSSL that is not considered to be vulnerable. No other Aruba Networks products, including AirWave, Instant, run these compromised versions of OpenSSL. Aruba Central, Aruba Networks’cloud-based Wi-Fi offering, has been upgraded to the latest, safe, version of OpenSSL on April 7 after the attack was first published.

Justin Pender

Categorised in

Author Justin Pender

Leave a Reply

Your email address will not be published. Required fields are marked *