ArubaOS Security Flaw Let Attackers Execute Remote Code


ArubaOS-Switch belongs to Aruba Networks and it’s a subsidiary of HPE (Hewlett Packard Enterprise).

It helps centralize network management, and besides this, it also develops diverse products related to networking.

Security Analysts Discovered a multitude of vulnerabilities in ArubaOS-Switch Switches, including CVE-2024-1356, CVE-2024-25611, CVE-2024-25612, CVE-2024-25613, CVE-2024-25614, CVE-2024-25615, and CVE-2024-25616.

However, to mitigate these vulnerabilities, HPE Aruba Networking has released patches for ArubaOS.

Document

Integrate ANY.RUN in your company for Effective Malware Analysis

Malware analysis can be fast and simple. Just let us show you the way to:

  • Interact with malware safely
  • Set up virtual machine in Linux and all Windows OS versions
  • Work in a team
  • Get detailed reports with maximum data
  • If you want to test all these features now with completely free access to the sandbox: ..

Flaws’ Profiles

Here below we have mentioned all the vulnerabilities:-

  • Authenticated Remote Command Execution in the ArubaOS Command Line Interface (CVE-2024-1356, CVE-2024-25611, CVE-2024-25612, CVE-2024-25613)
  • Description: ArubaOS CLI has command injection flaws. Exploits let attackers run arbitrary commands as privileged OS user.
  • Severity: High
  • CVSSv3 Overall Score: 7.2
  • Discovery: These vulnerabilities were discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) via HPE Aruba Networking’s bug bounty program.
  • Workaround: HPE Aruba advises restricting CLI, web management to dedicated L2 segment/VLAN, firewall policies beyond L3 to curb exploit risk.
  • Authenticated Arbitrary File Deletion in ArubaOS CLI (CVE-2024-25614)
  • Description: ArubaOS CLI has an arbitrary file deletion flaw, allowing attackers to delete files on the OS, potentially causing denial-of-service and compromising controller integrity.
  • Severity: Medium
  • CVSSv3 Overall Score: 5.5
  • Discovery: Erik de Jong (bugcrowd.com/erikdejong) uncovered and disclosed this flaw through HPE Aruba’s bug bounty program.
  • Workaround: HPE Aruba advises limiting CLI, web management access to dedicated L2 segment/VLAN, enforcing L3+ firewall rules to mitigate exploitation.
  • Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Spectrum Service Accessed via the PAPI Protocol (CVE-2024-25615)
  • Description: ArubaOS 8.x faces an unauthenticated DoS flaw in the Spectrum service through the PAPI protocol, enabling disruption of its normal operation when exploited.
  • Severity: Medium
  • CVSSv3 Overall Score: 5.3
  • Discovery: XiaoC from Moonlight Bug Hunter mined and disclosed this flaw through HPE Aruba’s bug bounty initiative.
  • Workaround: Activating Enhanced PAPI Security with custom key blocks exploit. Besides this, it’s been advised to reach HPE Aruba TAC for config aid.
  • ArubaOS Sensitive Information Disclosure (CVE-2024-25616)
  • Description: Certain ArubaOS setups risk leaking sensitive data during the IKE_AUTH negotiation. Disclosure scenarios are intricate and hinge on uncontrollable factors.
  • Severity: Low
  • CVSSv3 Overall Score: 3.7
  • Discovery: Aruba Engineering discovered this vulnerability.
  • Workaround: None

Make sure to update Mobility Controllers, Conductors, Gateways to specified ArubaOS versions to fix vulnerabilities:-

  • ArubaOS 10.5.x.x:  10.5.1.0 and above
  • ArubaOS 10.4.x.x:  10.4.1.0 and above
  • ArubaOS 8.11.x.x:  8.11.2.1 and above
  • ArubaOS 8.10.x.x:  8.10.0.10 and above

As of the advisory release, HPE Aruba is unaware of public exploit code or discussion targeting these flaws.

With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.





Source link