HPE Aruba Addresses Severe Vulnerabilities in Access Points

September 26, 2024

HPE Aruba Networking, a subsidiary of Hewlett Packard Enterprise (HPE), has patched three severe vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points. These security flaws, identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, could potentially allow unauthorized attackers to remotely execute code on vulnerable devices. This could be achieved by sending specially designed packets to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities could enable threat actors to execute arbitrary code with privileged access.

The vulnerabilities affect Aruba Access Points running Instant AOS-8 and AOS 10. They were identified by security researcher Erik De Jong through HPE Aruba Networking's bug bounty program. The affected versions include AOS-10.6.x.x (10.6.0.2 and below), AOS-10.4.x.x (10.4.1.3 and below), Instant AOS-8.12.x.x (8.12.0.1 and below), and Instant AOS-8.10.x.x (8.10.0.13 and below). HPE Aruba Networking advises administrators to update their devices to the latest software to prevent potential attacks. Patches are available for download on the HPE Networking Support Portal.

As a temporary solution for devices running Instant AOS-8.x code, administrators can enable 'cluster-security' to block exploitation attempts. For AOS-10 devices, HPE Aruba Networking recommends blocking access to port UDP/8211 from all untrusted networks. The company also confirmed that other Aruba products, including Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways, are not impacted by these vulnerabilities.

According to the HPE Product Security Response Team, there is currently no public exploit code available, and there have been no reports of attacks targeting these three critical vulnerabilities. Earlier this year, HPE Aruba patched four critical remote code execution vulnerabilities affecting multiple versions of ArubaOS, its proprietary network operating system. In February, HPE announced that it was investigating a potential breach after a threat actor posted credentials and other sensitive information, purportedly stolen from HPE, for sale on a hacking forum. Two weeks prior, HPE reported that its Microsoft Office 365 email environment was breached in May 2023 by hackers believed to be associated with the APT29 threat group linked to Russia's Foreign Intelligence Service (SVR).

Latest News

• 'SloppyLemming' APT Targets Government and Law Enforcement Agencies via Cloudflare
• Critical Ivanti vTM Authentication Bypass Vulnerability Now Actively Exploited
• Twelve Hacktivist Group Resurfaces, Targets Russian Entities
• China's 'Earth Baxia' Cyber Espionage Group Targets APAC via GeoServer Exploitation
• Iranian APT UNC1860, Linked to MOIS, Plays Key Role in Cyber Intrusions in Middle East