HPE has revealed Aruba Access Points (APs), the company’s high-performance Wi-Fi devices, could have been vulnerable to a threat granting threat actors the ability to execute malicious code remotely.
The company confirmed the news in a security advisory, noting APs carried three critical vulnerabilities in the Command Line Interface (CLI) service: CVE:2024-42505, CVE-2024-42506, and CVE-2024-42507. By sending specially crafted packets to UDP port 8211 of the AP management protocol, PAPI, the crooks could elevate their privileges and thus gain the ability to execute arbitrary code.
APs running Instant AOS-8 and AOS-10 are all affected by these flaws, which includes AOS-10.6.x.x: 10.6.0.2 and below, AOS-10.4.x.x: 10.4.1.3 and below, Instant AOS-8.12.x.x: 8.12.0.1 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below.
Patches and workarounds
A patch is already available for download, and given the severity of the flaws in question, HPE (Aruba’s parent company) urges users to apply it without hesitation. Those unable to install the patch on Instant AOS-8.x should enable “cluster-security”, while those with AOS-10 endpoints should block access to port UDP/8211 from all untrusted networks.
Other Aruba products, such as Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways, were confirmed safe. The good news is that there is no evidence of in-the-wild exploits, and no one has yet shared a Proof-of-Concept (PoC).
Aruba Access Points are wireless networking devices designed to provide high-performance, secure, and reliable Wi-Fi coverage in various environments, such as offices, campuses, and public spaces. They are part of Aruba’s broader networking solutions, which focus on simplifying network management while ensuring strong connectivity for users and IoT devices.
Via BleepingComputer