ClickCease HPE Aruba Vulnerabilities: Prevent Systems From RCE Attacks

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

HPE Aruba Vulnerabilities: Prevent Systems From RCE Attacks

by Wajahat Raja

May 13, 2024 - TuxCare expert team

Recently, HPE Aruba Networking, formerly known as Aruba Networks, has encountered significant security challenges. Vulnerabilities in their ArubaOS, the proprietary network operating system, have been identified, posing serious risks, including remote code execution (RCE). In this article, we delve into the details of these HPE Aruba vulnerabilities, their implications, and the recommended actions to mitigate potential threats.

 

Understanding the HPE Aruba Vulnerabilities


HPE Aruba Networking’s April 2024 security advisory highlights critical flaws within ArubaOS, with ten vulnerabilities identified. Among these, four are deemed critical, presenting unauthenticated buffer overflow issues leading to remote code execution (RCE). These vulnerabilities are assigned high severity scores (CVSS v3.1: 9.8), emphasizing their significant impact.


Affected Products and Services


The vulnerabilities affect various HPE Aruba Networking products and services, including Mobility Conductor, Mobility Controllers, WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. Specifically, impacted are older versions of ArubaOS, including 10.5.1.0 and below, 10.4.1.0 and older, 8.11.2.1 and below, and 8.10.0.10 and older. 

 

Additionally, end-of-life (EoL) versions are also susceptible to these vulnerabilities, encompassing ArubaOS below 10.3, 8.9, 8.8, 8.7, 8.6, 6.5.4, and certain SD-WAN versions. Effective HPE Aruba threat mitigation is essential for maintaining the security of our network environment.


Critical Vulnerabilities Identified


The four critical
HPE Aruba security vulnerabilities identified are as follows:

 

  1. CVE-2024-26304: This flaw involves an unauthenticated buffer overflow vulnerability in the L2/L3 Management Service accessed via the PAPI protocol.
  2. CVE-2024-26305: An unauthenticated buffer overflow vulnerability in the Utility Daemon accessed via the PAPI protocol.
  3. CVE-2024-33511: This vulnerability pertains to an unauthenticated buffer overflow in the Automatic Reporting Service accessed via the PAPI protocol.
  4. CVE-2024-33512: A flaw allowing unauthenticated, remote attackers to execute code by exploiting a buffer overflow in the Local User Authentication Database service accessed via the PAPI protocol.

HPE Aruba vulnerabilities: RCE Exploit ArubaOS


Threat actors can exploit these
ArubaOS vulnerabilities by sending specially crafted packets to the Process Application Programming Interface (PAPI) UDP port (8211). Once exploited, attackers can execute arbitrary code as privileged users on the underlying operating system, posing severe risks to affected systems and data integrity.

Security researcher Chancen deserves credit for discovering and reporting seven of the ten identified issues, including the critical buffer overflow vulnerabilities. Their contributions are pivotal in addressing these security gaps and fortifying system defenses against potential exploits.

 

HPE Aruba Patch Update

Recent reports claim that to mitigate these HPE Aruba vulnerabilities, HPE Aruba Networking recommends enabling Enhanced PAPI Security and promptly upgrading to patched versions of ArubaOS. For temporary measures, users of ArubaOS 8.x are advised to activate the Enhanced PAPI Security feature using a non-default key, enhancing system resilience against potential threats.


Mitigating Aruba RCE Attacks


We need to address the
HPE Aruba vulnerabilities to ensure the security of our network. Users are strongly advised to apply the latest security fixes provided by HPE Aruba Networking to safeguard their systems against potential exploits. Timely implementation of these updates is crucial in mitigating risks and ensuring the integrity of network infrastructure.


Conclusion


The identification of critical vulnerabilities within HPE Aruba Networking’s ArubaOS underscores the importance of applying
Aruba security best practices in today’s digital landscape. It’s crucial to mitigate the PAPI vulnerabilities Aruba to safeguard our network infrastructure. 

By promptly addressing these vulnerabilities and adopting recommended mitigation strategies as well as implementing robust security measures, organizations can enhance their cyber resilience and safeguard critical assets from potential threats. Collaboration between security researchers and industry stakeholders remains instrumental in identifying and addressing emerging security challenges, fostering a safer and more secure digital ecosystem for all.

The sources for this piece include articles in The Hacker News and Bleeping Computer.

Summary
HPE Aruba Vulnerabilities: Prevent Systems From RCE Attacks
Article Name
HPE Aruba Vulnerabilities: Prevent Systems From RCE Attacks
Description
Discover critical HPE Aruba vulnerabilities & safeguard against RCE attacks. Learn how to secure your network infrastructure today.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Become a TuxCare Guest Writer

Mail

Help Us Understand
the Linux Landscape!

Complete our survey on the state of Open Source and you could win one of several prizes, with the top prize valued at $500!

Your expertise is needed to shape the future of Enterprise Linux!