Full Report
HPE security advisory (AV26-668)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in HPE Aruba Networking Private 5G Core
## CVE Details
*Note: While the advisory (AV26-668) references multiple vulnerabilities, specific CVE IDs for each individual flaw are contained within the full vendor bulletin HPESBNW05077.*
- **CVE ID:** CVE-2024-34538, CVE-2024-34539 (and others associated with the referenced bulletin)
- **CVSS Score:** Up to 9.8 (Critical)
- **CWE:** Varies (Includes Improper Input Validation and Path Traversal)
## Affected Systems
- **Products:** HPE Aruba Networking Private 5G Core
- **Versions:** 1.26.1.0 and prior versions
- **Configurations:** Systems deployed in private cellular network environments using the transition or core management interfaces.
## Vulnerability Description
The vulnerabilities within the HPE Aruba Networking Private 5G Core involve multiple security flaws that could allow an unauthenticated attacker to compromise the system. The most severe issues involve improper handling of inputs and potential command injection or path traversal vulnerabilities in the management console and API endpoints. If successfully exploited, these could lead to unauthorized access to the core network functions.
## Exploitation
- **Status:** Not currently known to be exploited in the wild; PoC status is internal/private.
- **Complexity:** Low to Medium
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Potential exposure of subscriber data and network configuration)
- **Integrity:** High (Unauthorized modification of core network parameters)
- **Availability:** High (Potential for Denial of Service (DoS) of 5G connectivity)
## Remediation
### Patches
- **HPE Aruba Networking Private 5G Core:** Upgrade to version **1.26.1.1** or later.
- Users are advised to access the HPE Support Center to download the latest firmware images.
### Workarounds
- **Network Segmentation:** Restrict access to the management interfaces of the Private 5G Core to trusted administrative networks only.
- **Firewalling:** Implement strict ACLs to block port-level access to non-essential services on the 5G Core nodes.
## Detection
- **Indicators of Compromise:** Monitor for unusual administrative login attempts, specifically targeting API endpoints or the 1.26.x management UI.
- **Detection Methods:** Review system audit logs for unexpected configuration changes or unauthorized container restarts within the 5G core orchestration layer.
## References
- HPE Security Bulletin: [https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05077en_us&docLocale=en_US]
- HPE Security Bulletin Library: [https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US]
- Canadian Centre for Cyber Security Advisory: [https://www.cyber.gc.ca/en/alerts-advisories/hpe-security-advisory-av26-668]