Use of Externally-Controlled Format String
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 220.127.116.11 and below; Aruba Instant 8.5.x.x: 18.104.22.168 and below; Aruba Instant 8.6.x.x: 22.214.171.124 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.