Arubanetworks Sd-Wan vulnerabilities

CVE-2020-24634 [CRITICAL] CWE-77 CVE-2020-24634: An attacker is able to remotely inject arbitrary commands by sending especially crafted packets dest An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.

CVE-2020-24637 [HIGH] CVE-2020-24637: Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Suc Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Control