HPE Addresses Critical Vulnerabilities in Aruba Networking Access Points
Hewlett Packard Enterprise (HPE) recently unveiled a series of security updates aimed at remedying multiple vulnerabilities in its Aruba Networking Access Point products. Among these are two significant critical vulnerabilities that may allow for unauthenticated command execution, compromising the integrity of the affected systems.
The vulnerabilities impact Access Points operating on Instant AOS-8 and AOS-10 versions, specifically those at or below versions 10.4.1.4 for AOS-10 and 8.12.0.2 as well as 8.10.0.13 for Instant AOS-8. The flaws ranked as CVE-2024-42509 and CVE-2024-47460 carry a CVSS score of 9.8 and 9.0 respectively, indicating a serious risk to the affected devices.
Exploitation of these vulnerabilities could result in the execution of arbitrary code via the Command Line Interface (CLI) service of the Access Points. This scenario arises when attackers manipulate specially crafted packets directed at the PAPI (Aruba’s Access Point management protocol) UDP port 8211. HPE issued an advisory cautioning that a successful attack could grant unauthorized remote code execution capabilities to malicious actors, potentially allowing them to operate with privileged user rights on the system.
To mitigate this severe risk on devices running Instant AOS-8, HPE recommends enabling cluster security through the cluster-security command. For instances running AOS-10, blocking access to UDP port 8211 from untrusted networks is advised as a preventive measure.
In addition to the two critical vulnerabilities, HPE has addressed four more issues. These include CVE-2024-47461 with a CVSS score of 7.2, representing an authenticated remote command execution risk, along with CVE-2024-47462 and CVE-2024-47463, also with a score of 7.2, which pertain to arbitrary file creation vulnerabilities leading to unauthorized command execution.
The remaining vulnerability, CVE-2024-47464, scores 6.8 and relates to an authenticated path traversal flaw that could facilitate unauthorized remote access to files.
As a precaution, users are encouraged to restrict access to CLI and web-based management interfaces. This can be achieved by isolating these systems within a dedicated VLAN and managing access through robust firewall policies operating at layer 3 and higher.
Although Aruba Access Points have not been reported as exploited in real-world incidents to date, they present an enticing target for cybercriminals. The potential for privileged user remote code execution could have significant implications if these vulnerabilities are left unaddressed. Security experts, such as those from Arctic Wolf, warn that unauthorized actors might soon seek to reverse-engineer the patches released by HPE to exploit any unpatched systems.
This incident underscores the critical importance of proactive vulnerability management and continual monitoring within organizational cybersecurity protocols, especially within the context of emerging threats encapsulated in the MITRE ATT&CK framework, such as initial access, privilege escalation, and remote command execution techniques. Business leaders must remain vigilant and responsive to such security advisories to protect their networks effectively.
