Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution.
The flaws affect Access Points running Instant AOS-8 and AOS-10 –
- AOS-10.4.x.x: 10.4.1.4 and below
- Instant AOS-8.12.x.x: 8.12.0.2 and below
- Instant AOS-8.10.x.x: 8.10.0.13 and below
The most severe among the six newly patched vulnerabilities are CVE-2024-42509 (CVSS score: 9.8) and CVE-2024-47460 (CVSS score: 9.0), two critical unauthenticated command injection flaws in the CLI Service that could result in the execution of arbitrary code.
“Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211),” HPE said in an advisory for both the flaws.
“Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.”
It is recommended to enable cluster security via the cluster-security command to mitigate CVE-2024-42509 and CVE-2024-47460 on devices running Instant AOS-8 code. However, for AOS-10 devices, the company recommends blocking access to UDP port 8211 from all untrusted networks.
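For a defender with a fleet of access points, the practical first step is to map each device's firmware against the three affected branches listed above and attach the matching mitigation. The following is an added example (not HPE's or Aruba's code) that does that: version strings are parsed into integer tuples so that "10.4.1.4 and below" is a plain tuple comparison, branches the summary does not list (such as 8.11) are reported as "not-listed" rather than silently treated as safe, and inventory rows with an unparseable firmware field surface under "unknown". The hostnames, family labels and inventory rows are constructed for illustration.

```python
from __future__ import annotations

# Affected branches as listed in the advisory summary above: for each OS family,
# (branch prefix, highest affected version). Branches not listed here (e.g. 8.11)
# are not covered by this summary and are reported as "not-listed".
AFFECTED_BRANCHES: dict[str, list[tuple[tuple[int, ...], tuple[int, ...]]]] = {
    "AOS-10": [((10, 4), (10, 4, 1, 4))],
    "Instant AOS-8": [((8, 12), (8, 12, 0, 2)), ((8, 10), (8, 10, 0, 13))],
}

# Mitigations for the two unauthenticated CLI-service CVEs, as stated in the article.
MITIGATION = {
    "Instant AOS-8": "enable cluster security via the cluster-security command",
    "AOS-10": "block access to UDP port 8211 (PAPI) from all untrusted networks",
}
GENERAL_WORKAROUND = ("restrict CLI and web management interfaces to a dedicated VLAN "
                      "and control access with layer-3+ firewall policies")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '10.4.1.4' into (10, 4, 1, 4). Rejects anything that is not dotted integers,
    so a blank or free-text firmware field in an inventory export does not pass silently."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(family: str, version: str) -> tuple[str, str]:
    """Classify one AP as 'affected', 'fixed' or 'not-listed' and return a recommendation.

    Tuple comparison gives the natural ordering: (10, 4, 1, 4) <= (10, 4, 1, 4) is affected,
    (10, 4, 1, 5) or (10, 4, 2, 0) is above the cut-off and therefore fixed.
    """
    v = parse_version(version)
    for prefix, cutoff in AFFECTED_BRANCHES.get(family, []):
        if v[: len(prefix)] != prefix:
            continue
        if v <= cutoff:
            return "affected", f"update; until then {MITIGATION[family]}; {GENERAL_WORKAROUND}"
        return "fixed", "no action required for these CVEs"
    return "not-listed", "branch not covered by this summary; consult the HPE advisory directly"


def triage(inventory: list[dict[str, str]]) -> dict[str, list[str]]:
    """Group AP hostnames by status. Unparseable versions go under 'unknown' so they
    are surfaced rather than dropped."""
    groups: dict[str, list[str]] = {"affected": [], "fixed": [], "not-listed": [], "unknown": []}
    for ap in inventory:
        try:
            status, _ = assess(ap["family"], ap["version"])
        except ValueError:
            status = "unknown"
        groups[status].append(ap["host"])
    return groups


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    {"host": "ap-lobby-01", "family": "AOS-10", "version": "10.4.1.4"},
    {"host": "ap-lobby-02", "family": "AOS-10", "version": "10.4.1.5"},
    {"host": "ap-floor2-01", "family": "Instant AOS-8", "version": "8.12.0.2"},
    {"host": "ap-floor2-02", "family": "Instant AOS-8", "version": "8.10.0.14"},
    {"host": "ap-lab-01", "family": "Instant AOS-8", "version": "8.11.0.0"},
    {"host": "ap-lab-02", "family": "AOS-10", "version": "n/a"},
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
    print(assess("AOS-10", "10.4.1.4")[1])
```

Running the script prints one line per status group followed by the recommendation for an affected AOS-10 device. The "not-listed" bucket is deliberate: the summary above only names the 10.4, 8.12 and 8.10 branches, so a device on any other branch should be checked against the full HPE advisory rather than assumed unaffected.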
Also resolved by HPE are four other vulnerabilities –
- CVE-2024-47461 (CVSS score: 7.2) – An authenticated arbitrary remote command execution (RCE) in Instant AOS-8 and AOS-10
- CVE-2024-47462 and CVE-2024-47463 (CVSS scores: 7.2) – An arbitrary file creation vulnerability in Instant AOS-8 and AOS-10 that leads to authenticated remote command execution
- CVE-2024-47464 (CVSS score: 6.8) – An authenticated path traversal vulnerability that leads to remote unauthorized access to files
As workarounds, users are being urged to restrict access to CLI and web-based management interfaces by placing them within a dedicated VLAN, and controlling them via firewall policies at layer 3 and above.
“Although Aruba Network access points haven’t previously been reported as exploited in the wild, they’re an attractive target for threat actors due to the potential access these vulnerabilities could provide through privileged user RCE,” Arctic Wolf said. “Additionally, threat actors may attempt to reverse-engineer the patches to exploit unpatched systems in the near future.”