HPE Aruba Networking fixes critical flaws impacting Access Points

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points.

The security flaws (CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507) could allow unauthenticated attackers to gain remote code execution on vulnerable devices by sending specially crafted packets to the PAPI (Aruba's Access Point management protocol) UDP port (8211).

HPE Aruba Networking, a Hewlett Packard Enterprise (HPE) subsidiary formerly known as Aruba Networks, warned that successful exploitation enables threat actors to execute arbitrary code with privileged access.

The three vulnerabilities affect Aruba Access Points running Instant AOS-8 and AOS 10 and were reported by security researcher Erik De Jong through HPE Aruba Networking's bug bounty program.

Affected versions include AOS-10.6.x.x (10.6.0.2 and below), AOS-10.4.x.x (10.4.1.3 and below), Instant AOS-8.12.x.x (8.12.0.1 and below), and Instant AOS-8.10.x.x (8.10.0.13 and below).

The company recommends that admins upgrade their devices to the latest software to block potential attacks (patches are available for download on the HPE Networking Support Portal).

Workaround available, no active exploitation

As a temporary workaround for devices running Instant AOS-8.x code, admins can enable "cluster-security" to block exploitation attempts. For AOS-10 devices, the company advises blocking access to port UDP/8211 from all untrusted networks.
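The affected-version list and the per-branch workarounds above are the two things an administrator needs when triaging an access point inventory. The following Python script is an added example, not code from HPE Aruba Networking or from the article: it encodes the version ceilings exactly as the advisory summary states them, classifies a version string as vulnerable, fixed, or not listed, and attaches the matching interim mitigation (cluster-security for Instant AOS-8, blocking UDP/8211 for AOS-10). The accepted version-string formats and the sample inventory are assumptions made for this example; branches the article does not name (for instance 10.5.x) are deliberately reported as "not listed" rather than guessed at.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int, int]

# Highest affected build per branch, as given in the advisory summary:
# AOS-10.6.x.x (10.6.0.2 and below), AOS-10.4.x.x (10.4.1.3 and below),
# Instant AOS-8.12.x.x (8.12.0.1 and below), Instant AOS-8.10.x.x (8.10.0.13 and below).
LAST_AFFECTED = {
    (10, 6): (10, 6, 0, 2),
    (10, 4): (10, 4, 1, 3),
    (8, 12): (8, 12, 0, 1),
    (8, 10): (8, 10, 0, 13),
}

# Interim workaround per product line, as stated in the article.
WORKAROUND = {
    8: "enable cluster-security on Instant AOS-8 until the upgrade is applied",
    10: "block UDP/8211 (PAPI) from all untrusted networks until the upgrade is applied",
}

# Accepts "10.6.0.2", "AOS-10.6.0.2" or "Instant AOS-8.10.0.13".
# This input format is an assumption of the example, not an Aruba convention.
VERSION_RE = re.compile(
    r"^\s*(?:instant\s+)?(?:aos-?)?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$", re.IGNORECASE
)


def parse_version(text: str) -> Optional[Version]:
    """Turn a version string into a comparable 4-tuple, or None if unparseable."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, build = (int(x) for x in m.groups())
    return (major, minor, patch, build)


def assess(text: str) -> dict:
    """Classify one version string against the advisory's affected ranges."""
    v = parse_version(text)
    if v is None:
        return {"input": text, "status": "unparseable",
                "action": "check the version string format"}
    ceiling = LAST_AFFECTED.get(v[:2])
    if ceiling is None:
        # The article names only four branches; do not assume anything about others.
        return {"input": text, "status": "not listed",
                "action": "branch not named in the advisory summary; consult the advisory"}
    if v <= ceiling:  # tuple comparison is lexicographic, so 10.4.1.3 <= 10.4.1.3 is True
        return {"input": text, "status": "vulnerable",
                "action": f"upgrade; meanwhile {WORKAROUND[v[0]]}"}
    return {"input": text, "status": "fixed",
            "action": "no action required for CVE-2024-42505/42506/42507"}


def triage(inventory: List[str]) -> List[dict]:
    """Assess every version string in an inventory list."""
    return [assess(s) for s in inventory]


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    SAMPLE_INVENTORY = [
        "AOS-10.6.0.2",             # vulnerable, last affected build of the 10.6 branch
        "AOS-10.6.0.3",             # fixed
        "Instant AOS-8.10.0.13",    # vulnerable
        "Instant AOS-8.12.0.2",     # fixed
        "AOS-10.5.0.0",             # branch not named in the article
        "unknown",                  # unparseable
    ]
    for result in triage(SAMPLE_INVENTORY):
        print(f"{result['input']:<24} {result['status']:<12} {result['action']}")
```

Because each branch is checked only against its own ceiling, a device on 10.6.0.3 is reported as fixed while 10.4.1.4 is also fixed, even though 10.4.1.4 is numerically lower than 10.6.0.2; comparing across branches would misclassify the 10.4 line.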

HPE Aruba Networking also confirmed that other Aruba products, including Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways, are not impacted.

According to the HPE Product Security Response Team, no public exploit code is available, and there have been no reports of attacks targeting the three critical vulnerabilities.

Earlier this year, the company also patched four critical RCE vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.

In February, Hewlett Packard Enterprise (HPE) said it was investigating a potential breach after a threat actor posted credentials and other sensitive information (allegedly stolen from HPE) for sale on a hacking forum.

Two weeks earlier, it reported that its Microsoft Office 365 email environment was breached in May 2023 by hackers believed to be part of the APT29 threat group linked to Russia's Foreign Intelligence Service (SVR).
