HPE Warns of Critical Remote Code Execution Flaws in Aruba Networking Access Points

Hewlett Packard Enterprise (HPE) has released security updates for Aruba Networking access points, addressing two critical vulnerabilities in AOS-8 and AOS-10 software. These security flaws could allow a remote attacker to execute unauthorized commands by exploiting the PAPI management protocol.

Details of the Vulnerabilities

The critical vulnerabilities, identified as CVE-2024-42509 and CVE-2024-47460, have severity scores of 9.8 and 9.0 out of 10, respectively. Both are located in the Command Line Interface (CLI) service and can be exploited by sending malicious packets to UDP port 8211, used by the PAPI protocol. These vulnerabilities expose devices to command injection attacks, enabling attackers to manipulate the access point management system without authentication.

Additional Vulnerabilities Resolved

In addition to the critical flaws, the update addresses four other vulnerabilities:

  • CVE-2024-47461: With a severity of 7.2, this flaw allows authenticated remote command execution, giving attackers the ability to execute commands on the operating system.
  • CVE-2024-47462 and CVE-2024-47463: Both scored 7.2, these vulnerabilities enable authenticated attackers to create arbitrary files, potentially leading to remote code execution.
  • CVE-2024-47464: Rated at 6.8 severity, this vulnerability allows authenticated attackers to access unauthorized files using path traversal techniques.

These six vulnerabilities affect the following software versions:

  • AOS-10.4.x.x (up to version 10.4.1.4 and earlier)
  • Instant AOS-8.12.x.x (up to version 8.12.0.2 and earlier)
  • Instant AOS-8.10.x.x (up to version 8.10.0.13 and earlier)
Recommendations and Solutions

To mitigate these security risks, HPE has released updates and patches that should be applied immediately. The recommended secure versions are:

  • AOS-10.7.x.x: Update to version 10.7.0.0 or higher.
  • AOS-10.4.x.x: Update to version 10.4.1.5 or later.
  • Instant AOS-8.12.x.x: Update to version 8.12.0.3 or higher.
  • Instant AOS-8.10.x.x: Update to version 8.10.0.14 or later.

For devices that cannot be updated immediately, HPE has provided temporary mitigation measures:

  • For the two critical vulnerabilities (CVE-2024-42509 and CVE-2024-47460): Restrict or block access to UDP port 8211 from untrusted networks.
  • For the other vulnerabilities: Limit access to management interfaces (CLI and web) by segmenting them into a dedicated VLAN or Layer 2 segment, and enforce Layer 3+ firewall policies to reduce exposure.
Current Exploitation Status

No active exploitation of these vulnerabilities has been detected so far. However, HPE emphasizes the importance of applying security updates or implementing mitigation measures as a precaution.

Conclusion

Applying security patches promptly is crucial, especially for enterprise environments relying on Aruba Networking access points for daily operations. The reported critical vulnerabilities pose significant security risks, and immediate updates are the best strategy to minimize potential attacks.

 

Related Posts
Devel Group
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.