Hewlett Packard Enterprise (HPE) has launched safety updates to handle a number of vulnerabilities impacting Aruba Networking Entry Level merchandise, together with two vital bugs that might end in unauthenticated command execution.
The failings have an effect on Entry Factors working Prompt AOS-8 and AOS-10 –
- AOS-10.4.x.x: 10.4.1.4 and under
- Prompt AOS-8.12.x.x: 8.12.0.2 and under
- Prompt AOS-8.10.x.x: 8.10.0.13 and under
Essentially the most extreme among the many six newly patched vulnerabilities are CVE-2024-42509 (CVSS rating: 9.8) and CVE-2024-47460 (CVSS rating: 9.0), two vital unauthenticated command injection flaws within the CLI Service that might outcome within the execution of arbitrary code.
“Command injection vulnerability within the underlying CLI service may result in unauthenticated distant code execution by sending specifically crafted packets destined to the PAPI (Aruba’s Entry Level administration protocol) UDP port (8211),” HPE mentioned in an advisory for each the failings.
“Profitable exploitation of this vulnerability ends in the power to execute arbitrary code as a privileged person on the underlying working system.”
It is suggested to allow cluster safety through the cluster-security command to mitigate CVE-2024-42509 and CVE-2024-47460 on units working Prompt AOS-8 code. Nonetheless, for AOS-10 units, the corporate recommends blocking entry to UDP port 8211 from all untrusted networks.
Additionally resolved by HPE are 4 different vulnerabilities –
- CVE-2024-47461 (CVSS rating: 7.2) – An authenticated arbitrary distant command execution (RCE) in Prompt AOS-8 and AOS-10
- CVE-2024-47462 and CVE-2024-47463 (CVSS scores: 7.2) – An arbitrary file creation vulnerability in Prompt AOS-8 and AOS-10 that results in authenticated distant command execution
- CVE-2024-47464 (CVSS rating: 6.8) – An authenticated path traversal vulnerability results in distant unauthorized entry to recordsdata
As workarounds, customers are being urged to limit entry to CLI and web-based administration interfaces by putting them inside a devoted VLAN, and controlling them through firewall insurance policies at layer 3 and above.
“Though Aruba Community entry factors haven’t beforehand been reported as exploited within the wild, they’re a sexy goal for menace actors as a result of potential entry these vulnerabilities may present via privileged person RCE,” Arctic Wolf mentioned. “Moreover, menace actors could try to reverse-engineer the patches to take advantage of unpatched programs within the close to future.”