Full Report
HPE security advisory (AV26-457)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in HPE Aruba Networking AOS-8 & AOS-10
## CVE Details
*Note: While the summary advisory refers to multiple vulnerabilities, the primary critical flaws usually associated with these recent ArubaOS releases include:*
- **CVE ID:** CVE-2024-33511, CVE-2024-33512 (and others referenced in HPESBNW05048/049)
- **CVSS Score:** Up to 9.8 (Critical)
- **CWE:** CWE-121 (Stack-based Buffer Overflow), CWE-77 (Command Injection)
## Affected Systems
- **Products:** ArubaOS (AOS) and Instant Access Points (IAP)
- **Versions:**
  - AOS-10.8.x.x: Version 10.8.0.0 and prior
  - AOS-10.7.x.x: Version 10.7.2.2 and prior
  - AOS-10.4.x.x: Version 10.4.1.10 and prior
  - AOS-8.13.x.x: Version 8.13.1.1 and prior
  - AOS-8.12.x.x: Version 8.12.0.6 and prior
  - AOS-8.10.x.x: Version 8.10.0.21 and prior
- **Configurations:** Systems running affected versions of AOS-8 and AOS-10 on Mobility Conductors, Mobility Controllers, and Access Points.
## Vulnerability Description
These advisories address multiple security flaws, most notably stack-based buffer overflows and unauthenticated command injection vulnerabilities in the PAPI (Aruba Networks Access Protocol) and the web-based management interface. Successful exploitation allows an attacker to execute arbitrary code or commands on the underlying operating system.
## Exploitation
- **Status:** Not exploited (No widespread active exploitation reported at the time of the advisory release).
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Full access to system data and configuration)
- **Integrity:** High (Ability to modify system files and firmware)
- **Availability:** High (Potential for total system compromise or DoS)
## Remediation
### Patches
HPE recommends upgrading to the following versions or later:
- AOS-10.8.0.1
- AOS-10.7.2.3
- AOS-10.4.1.11
- AOS-8.13.1.2
- AOS-8.12.0.7
- AOS-8.10.0.22
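
The fixed-version list above can be applied to a device inventory to see which systems still need the upgrade. This is an added example, not code from HPE or the advisory. It assumes versions are reported as four dotted integers, and the hostnames and sample inventory are constructed.

```python
# Added example. FIXED is copied from the Patches list above; the rest is illustrative.
FIXED = {
    (10, 8): (10, 8, 0, 1),
    (10, 7): (10, 7, 2, 3),
    (10, 4): (10, 4, 1, 11),
    (8, 13): (8, 13, 1, 2),
    (8, 12): (8, 12, 0, 7),
    (8, 10): (8, 10, 0, 22),
}

def parse_version(text):
    """Turn '8.10.0.21' into (8, 10, 0, 21); reject anything not four integers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part AOS version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(version_text):
    """Return (status, fixed_version_or_None) for one version string."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch does not appear in this advisory's list: do not guess.
        return ("branch-not-listed", None)
    # Tuple comparison is numeric, so 10.4.1.9 sorts before 10.4.1.11
    # (a plain string comparison would get this wrong).
    status = "affected" if version < fixed else "fixed"
    return (status, ".".join(map(str, fixed)))

# Constructed sample inventory (hypothetical hostnames).
SAMPLE = [
    ("mc-core-01", "8.10.0.21"),
    ("mc-core-02", "8.10.0.22"),
    ("ap-gw-03", "10.4.1.9"),
    ("lab-ctrl-04", "8.11.2.1"),
]

def triage(inventory):
    """Map each host to its status; unlisted branches need a manual bulletin check."""
    return {host: assess(ver)[0] for host, ver in inventory}

if __name__ == "__main__":
    for host, ver in SAMPLE:
        status, fixed = assess(ver)
        print(f"{host:12} {ver:10} {status:18} fixed-in={fixed or 'check HPE bulletin'}")
```

Hosts reported as `branch-not-listed` are on a release branch this summary does not cover and should be checked against the HPE bulletins in the References section.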
### Workarounds
- **Isolate Management Interfaces:** Restrict access to the web management UI and PAPI protocol (UDP port 8211) to trusted administrative networks only.
- **Enhanced Security Mode:** Enable "Enhanced Security" (formerly known as FIPS mode) where applicable, which may mitigate certain unauthenticated attack vectors.
## Detection
- **Indicators of Compromise:** Monitor for unexpected reboots of controllers/APs or unauthorized administrative logins.
- **Detection methods and tools:** Use network security monitoring to flag anomalous traffic on UDP port 8211. Scan infrastructure using vulnerability scanners (e.g., Nessus, Qualys) updated with the latest HPE Aruba plugins.
## References
- HPESBNW05048 rev.1: hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbnw05048en_us&docLocale=en_US
- HPESBNW05049 rev.1: hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbnw05049en_us&docLocale=en_US
- HPE Security Bulletin Library: hxxps[://]support[.]hpe[.]com/connect/s/securitybulletinlibrary?language=en_US
- Canadian Centre for Cyber Security (AV26-457): hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/hpe-security-advisory-av26-457