ArubaOS Multiple Vulnerabilities (CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, CVE-2023-22750, CVE-2023-22751, and CVE-2023-22752)

Aruba Networks has released a security advisory to address 33 vulnerabilities that affect different versions of ArubaOS. The vulnerabilities affect various products, including Aruba Mobility Conductor, Aruba Mobility Controllers, and Aruba-managed WLAN Gateways and SD-WAN Gateways. Out of these 33 vulnerabilities, six are rated as critical.

CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750 are critical severity command injection vulnerabilities with a CVSSv3 score of 9.8. 
 
CVE-2023-22751 and CVE-2023-22752 are critical severity stack-based buffer overflow vulnerabilities with a CVSSv3 score of 9.8. 
 
Aruba Networks is a subsidiary of Hewlett Packard Enterprise. Aruba Networks provides wired, wireless, and SD-WAN solutions that use AI to automate and secure the network from edge to cloud. The products protect users and networks by replacing static VLANs and ACLs with policy-based automation, advanced threat intelligence, and AI-based device profiling. 

Description

Multiple Unauthenticated Command Injections in the PAPI Protocol (CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750) 
 
These command injection vulnerabilities could lead to remote code execution. An unauthenticated attacker can exploit these vulnerabilities by sending specially crafted packets to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code as a privileged user on a vulnerable system. 
 
Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol (CVE-2023-22751 and CVE-2023-22752) 
 
These stack-based buffer overflow vulnerabilities could lead to remote code execution. An unauthenticated attacker can exploit these vulnerabilities by sending specially crafted packets to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code as a privileged user on a vulnerable system.

Affected products
  • ArubaOS 8.6.x.x: 8.6.0.19 and below 
  • ArubaOS 8.10.x.x: 8.10.0.4 and below 
  • ArubaOS 10.3.x.x: 10.3.1.0 and below 
  • SD-WAN 8.7.0.0-2.3.0.x:  8.7.0.0-2.3.0.8 and below

The following ArubaOS software versions that are End of Life are affected by these vulnerabilities and are unpatched by this advisory: 

  • ArubaOS 6.5.4.x: all 
  • ArubaOS 8.7.x.x: all 
  • ArubaOS 8.8.x.x: al 
  • ArubaOS 8.9.x.x: all 
  • SD-WAN 8.6.0.4-2.2.x.x: all 
Mitigation

Aruba has released patches for ArubaOS to address these vulnerabilities. 
 
Please refer to the Aruba Security Advisory (ARUBA-PSA-2023-002) for more information. 

Workaround

Enable the Enhanced PAPI Security feature using a non-default key will prevent the exploitation of these vulnerabilities. 

Qualys Detection

Qualys customers can scan their devices with QIDs 43988 and 43989 to detect vulnerable assets. 
 
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities. 
  
References 
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt  

Leave a Reply

Your email address will not be published. Required fields are marked *