Aruba Networks fixes six critical vulnerabilities in ArubaOS

Aruba Networks has published a security advisory to inform customers about six critical-severity vulnerabilities affecting multiple versions of ArubaOS, its proprietary network operating system.

The flaws affect Aruba Mobility Conductor, Aruba Mobility Controllers, and Aruba-managed WLAN Gateways and SD-WAN Gateways.

Aruba Networks is a California-based subsidiary of Hewlett Packard Enterprise, specializing in computer networking and wireless connectivity solutions.

The critical flaws addressed by Aruba this time fall into two categories: command injection flaws and stack-based buffer overflow bugs in the PAPI protocol (Aruba Networks' access point management protocol).

All flaws were discovered by security analyst Erik de Jong, who reported them to the vendor through the official bug bounty program.

The command injection vulnerabilities are tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, with a CVSS v3 score of 9.8 out of 10.0.

An unauthenticated, remote attacker can exploit them by sending specially crafted packets to PAPI over UDP port 8211, resulting in arbitrary code execution as a privileged user on ArubaOS.

The stack-based buffer overflow bugs are tracked as CVE-2023-22751 and CVE-2023-22752, and also have a CVSS v3 score of 9.8.

These flaws are exploitable by sending specially crafted packets to PAPI over UDP port 8211, allowing unauthenticated, remote attackers to run arbitrary code as privileged users on ArubaOS.

The affected versions are:

  • ArubaOS 8.6.0.19 and below
  • ArubaOS 8.10.0.4 and below
  • ArubaOS 10.3.1.0 and below
  • SD-WAN 8.7.0.0-2.3.0.8 and below

The target upgrade versions, according to Aruba, should be:

  • ArubaOS 8.10.0.5 and above
  • ArubaOS 8.11.0.0 and above
  • ArubaOS 10.3.1.1 and above
  • SD-WAN 8.7.0.0-2.3.0.9 and above

Unfortunately, several product versions that have reached End of Life (EoL) are also affected by these vulnerabilities and will not receive a fix. These are:

  • ArubaOS 6.5.4.x
  • ArubaOS 8.7.x.x
  • ArubaOS 8.8.x.x
  • ArubaOS 8.9.x.x
  • SD-WAN 8.6.0.4-2.2.x.x
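As an added illustration (not from the advisory or from Aruba), the helper below triages an inventory of ArubaOS and SD-WAN builds against the affected, fixed and end-of-life branches listed above. Treating the SD-WAN version pair as one comparable number sequence, and reporting builds the advisory does not name as "not_listed", are my assumptions.

```python
import re

# Branches from the advisory as (branch prefix, last affected build, first fixed build).
# A branch with neither a last-affected nor a first-fixed build is end-of-life: no fix is coming.
# SD-WAN builds pair an ArubaOS and an SD-WAN version ("8.7.0.0-2.3.0.8"); both parts are compared.
BRANCHES = {
    "ArubaOS": [
        ("6.5.4", None, None),
        ("8.6", "8.6.0.19", None),      # affected; the advisory lists no 8.6 build as a fix
        ("8.7", None, None), ("8.8", None, None), ("8.9", None, None),
        ("8.10", "8.10.0.4", "8.10.0.5"),
        ("8.11", None, "8.11.0.0"),
        ("10.3", "10.3.1.0", "10.3.1.1"),
    ],
    "SD-WAN": [
        ("8.6.0.4-2.2", None, None),
        ("8.7.0.0-2.3", "8.7.0.0-2.3.0.8", "8.7.0.0-2.3.0.9"),
    ],
}

def parse(version: str) -> tuple:
    """'8.7.0.0-2.3.0.8' -> (8, 7, 0, 0, 2, 3, 0, 8): numeric, so 8.10 sorts after 8.6."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def triage(product: str, version: str) -> tuple:
    """Return (status, action) for one device: eol / affected / fixed / not_listed."""
    v = parse(version)
    for prefix, last_bad, first_good in BRANCHES.get(product, []):
        p = parse(prefix)
        if v[: len(p)] != p:
            continue
        if last_bad is None and first_good is None:
            return ("eol", "no fix; enable Enhanced PAPI Security with a non-default key")
        if last_bad is not None and v <= parse(last_bad):
            target = first_good or "a fixed branch listed in the advisory"
            return ("affected", f"upgrade to {target} or later")
        if first_good is not None and v >= parse(first_good):
            return ("fixed", "no action for these CVEs")
        break  # inside a known branch but between the listed builds: decide manually
    return ("not_listed", "branch not covered by the advisory; check manually")

def triage_inventory(devices) -> list:
    """Run triage over constructed (hostname, product, version) rows from an asset inventory."""
    return [(host, *triage(product, version)) for host, product, version in devices]
```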

A workaround for system administrators who cannot apply the security updates or are using EoL devices is to enable the "Enhanced PAPI Security" mode using a non-default key.

However, applying the mitigation does not address another 15 high-severity and eight medium-severity vulnerabilities listed in Aruba's security advisory, which are fixed by the new versions.

Aruba states that it is unaware of any public discussion, exploit code, or active exploitation of these vulnerabilities as of the advisory's release date, February 28, 2022.
