The Information Highway

The Information Highway
Font size: +
  Print
2 minutes reading time (357 words)

RCE vulnerabilities in HPE Aruba Networking devices

160 Hits

Threat update

HPE Aruba Networking has disclosed that critical remote code execution (RCE) vulnerabilities are impacting multiple versions of ArubaOS. Out of the ten vulnerabilities found, four pose critical risks of unauthenticated buffer overflows in various services.

Technical Detail and Additional Info

What is the threat?

The four critical vulnerabilities that have been identified are:

  • CVE-2024-26305: This vulnerability resides in the ArubaOS Utility daemon. When a malicious packet is sent to the PAPI (Aruba's access point management protocol) UDP port 8211, it can trigger a buffer overflow, allowing attackers to inject and execute arbitrary code on the device.
  • CVE-2024-26304: This vulnerability is affects L2/L3 management service that can allow remote code execution.
  • CVE-2024-33511: This is a buffer overflow vulnerability in the underlying Automatic Reporting service that can allow remote code execution.
  • CVE-2024-33512: This is a buffer overflow vulnerability in the underlying Local User Authentication Database service.

CVE-2024-26304, CVE-2024-33511, and CVE-2024-33512 are all exploitable through sending specially crafted packets to the PAPI UDP port 8211. 

Why is it noteworthy?

Successful exploitation of the above vulnerabilities allows unauthenticated remote code execution (RCE) with privileged access on the underlying operating system. This means attackers can take complete control of the device and can potentially travel laterally. 

What is the exposure or risk?

HPE Aruba Networking has not observed any cases of active exploitation or the existence of proof-of-concept (PoC) exploits for the vulnerabilities. However, if exploited, the vulnerabilities can allow an attacker to take complete control of affected devices. They could lead to disrupted network operations, stolen data, or further attacks within the network. 

What are the recommendations?

 LBT Technology Group recommends the following actions to limit the impact of the critical ArubaOS vulnerabilities:

  • Update to the newest, patched versions as listed below:
    • ArubaOS 10.6.0.0 and above
    • ArubaOS 10.5.1.1 and above
    • ArubaOS 10.4.1.1 and above
    • ArubaOS 8.11.2.2 and above
    • ArubaOS 8.10.0.11 and above
  • Enable the Enhanced PAPI Security feature using a non-default key as a temporary workaround for ArubaOS 8.x.

References

 For more in-depth information about the recommendations, please visit the following links:

  • https://thehackernews.com/2024/05/four-critical-vulnerabilities-expose.html

If you have any questions, please contact LBT's Sales Engineer.


0
How do you feel about this post?
Happy (0)
Love (0)
Surprised (0)
Sad (0)
Angry (0)
Tags:
unauthenticated buffer overflows vulnerabilities code execution block HPE Aruba Networking move
Monday.com removes "Share Update" feature abused f...
SaaS Backup & Archive (SBA) Automatically protect ...

About the author

LBT Technology Group, LLC.

LBT Technology Group, LLC.

As we navigate our ever-evolving cyber society, LBT Technology Group believes providing comprehensive IT services to others is essential. As a Managed IT Services Provider (MSP), we are positioned to eliminate your pain points by optimizing your technology, mitigating your cyber security risk footprint, and improving your cyber resilence. The focus we place on reducing the presistent cyber security risks to the confidentiality, integrity, and availability of your information systems and our proficiency in restoring IT services in the event of a cyber attack or technology outage separates us from our competitors--WE SIMPLIFY YOUR IT EQUATION.
Author's recent posts
More posts from author

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Tuesday, 18 June 2024

Captcha Image