HPE has revealed that Aruba Access Points (APs), the company’s high-performance Wi-Fi devices, may have been vulnerable to a threat that gives threat actors the ability to execute malicious code remotely.
The company confirmed the news in a security advisory, noting that APs contain three critical vulnerabilities in the Command Line Interface (CLI) service: CVE:2024-42505, CVE-2024-42506, and CVE-2024-42507. By sending specially crafted packets to UDP port 8211 of the AP management protocol PAPI, the crooks were able to escalate their privileges and gain the ability to execute arbitrary code.
APs running Instant AOS-8 and AOS-10 are all affected by these errors, including AOS-10.6.xx: 10.6.0.2 and lower, AOS-10.4.xx: 10.4.1.3 and lower, Instant AOS-8.12.xx: 8.12 .0.1 and lower, and Instant AOS-8.10.xx: 8.10.0.13 and lower.
Patches and fixes
A patch is already available for download, and given the severity of the flaws involved, HPE (Aruba’s parent company) urges users to apply it without hesitation. Those who cannot install the patch on Instant AOS-8.x should enable “cluster protection,” while those with AOS-10 endpoints should block access to port UDP/8211 from all untrusted networks.
Other Aruba products, such as Networking Mobility Conductors, Mobility Controllers and SD-WAN Gateways, have been confirmed to be secure. The good news is that there is no evidence of in-the-wild exploits, and no one has shared a Proof-of-Concept (PoC) yet.
Aruba Access Points are wireless networking devices designed to provide high-quality, secure and reliable Wi-Fi coverage in various environments such as offices, campuses and public areas. They are part of Aruba’s broader networking solutions, which focus on simplifying network management while ensuring strong connectivity for users and IoT devices.
Via BleepingComputer