HPE Aruba Networking, previously known as Aruba Networks, has recently issued critical security updates addressing significant vulnerabilities within its ArubaOS. These flaws pose a risk that could lead to remote code execution (RCE) on affected systems, making immediate action imperative for businesses reliant on this networking solution.
The updates pertain to a total of ten security defects identified by Aruba, with four of those rated as critical. Among them, CVE-2024-26304 presents an unauthenticated buffer overflow vulnerability in the L2/L3 Management Service, while CVE-2024-26305 affects the Utility Daemon. Additionally, CVE-2024-33511 pertains to the Automatic Reporting Service, and CVE-2024-33512 impacts the Local User Authentication Database. Each of these vulnerabilities carries a high CVSS score of 9.8, indicating their severity and potential for exploitation.
A malicious actor could exploit these vulnerabilities by sending specially crafted packets to the Process Application Programming Interface (PAPI) UDP port (8211). This method would allow them to execute arbitrary code with elevated privileges on the underlying operating system, thereby endangering the integrity and confidentiality of the affected systems.
The vulnerabilities impact critical components such as Mobility Conductor (formerly Mobility Master), Mobility Controllers, and both WLAN and SD-WAN Gateways managed through Aruba Central. Specifically, affected software versions include ArubaOS 10.5.1.0 and earlier, 10.4.1.0 and earlier, as well as various versions from the 8.x series. The flaws also extend to ArubaOS versions that have reached end-of-maintenance status, reinforcing the need for organizations to assess their current software deployments carefully.
Seven of the identified vulnerabilities were discovered and reported by a security researcher known as Chancen, highlighting the importance of vigilance within the cybersecurity community. Given the critical nature of these flaws, users are strongly urged to implement the latest fixes to safeguard their networks against potential exploits.
For those utilizing ArubaOS 8.x, a temporary workaround has been suggested. Aruba recommends enabling the Enhanced PAPI Security feature using a non-default key, offering an interim measure to mitigate risks while awaiting full patch application.
This situation underscores the essential nature of proactive cybersecurity measures in business environments. As HPE Aruba continues to address these serious vulnerabilities, it serves as a reminder to business owners of the risks stemming from software flaws and the importance of maintaining up-to-date systems to protect against emerging threats. In the context of the MITRE ATT&CK framework, techniques associated with this type of attack may include initial access through exploitation of known vulnerabilities, privilege escalation, and potentially persistence via code execution, intensifying the impact of these vulnerabilities on enterprise security.
In conclusion, business owners must remain vigilant and responsive to security advisories from vendors like HPE Aruba, particularly in an era where cyber threats can rapidly evolve, jeopardizing organizational assets. Active engagement in applying updates and understanding the implications of reported vulnerabilities is critical in mitigating risks and safeguarding operational continuity.
