November 7, 2024 at 10:51AM
Hewlett Packard Enterprise (HPE) addressed critical vulnerabilities in Aruba Networking Access Points with updates for AOS-8 and AOS-10 software. Two severe flaws (CVE-2024-42509, CVE-2024-47460) allow remote command injection. Users are advised to update to specific versions and implement workarounds to enhance security. No active exploitation reported.
### Meeting Takeaways:
1. **Software Updates Released**: Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 to fix two critical vulnerabilities in Aruba Networking Access Points.
2. **Critical Vulnerabilities**:
– **CVE-2024-42509** and **CVE-2024-47460**:
  – Severity Scores: 9.8 and 9.0 respectively.
  – Vulnerability Description: Remote command injection via specially crafted packets sent to the PAPI management protocol over UDP port 8211.
3. **Additional Vulnerabilities**:
Four more vulnerabilities have been addressed:
– **CVE-2024-47461** (Severity: 7.2): Authenticated remote command execution.
– **CVE-2024-47462** and **CVE-2024-47463** (Severity: 7.2): Creation of arbitrary files by authenticated attackers, possibly leading to remote command execution.
– **CVE-2024-47464** (Severity: 6.8): Path traversal vulnerability allowing unauthorized file access by authenticated attackers.
4. **Affected Versions**: All six vulnerabilities impact:
– AOS-10.4.x.x: 10.4.1.4 and older.
– Instant AOS-8.12.x.x: 8.12.0.2 and below.
– Instant AOS-8.10.x.x: 8.10.0.13 and older.
– Other outdated versions that have reached End of Maintenance will not receive updates.
5. **Recommended Fixes**:
Users should update devices to the following versions or newer:
– **AOS-10.7.x.x**: 10.7.0.0 and later.
– **AOS-10.4.x.x**: 10.4.1.5 or later.
– **Instant AOS-8.12.x.x**: 8.12.0.3 or newer.
– **Instant AOS-8.10.x.x**: 8.10.0.14 or above.
6. **Workarounds Provided**:
– For critical flaws: Block access to UDP port 8211 from untrusted networks.
– For other issues: Restrict access to CLI and web management interfaces using dedicated layer 2 segments or VLANs and employ firewall policies to limit potential exposure.
7. **Current Status**: No active exploitation of these vulnerabilities has been observed, but applying security updates and mitigations is strongly recommended.
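
For inventory triage against items 4 and 5 above, the following added example (not HPE's code) classifies reported firmware versions by branch. The hostnames and sample versions are constructed, and the assumption that a version string starts with four dot-separated numbers (any build suffix is ignored) is this example's own.

```python
import re

# First fixed release per branch, copied from the "Recommended Fixes" list above.
FIRST_FIXED = {
    (10, 7): (10, 7, 0, 0),
    (10, 4): (10, 4, 1, 5),
    (8, 12): (8, 12, 0, 3),
    (8, 10): (8, 10, 0, 14),
}

# Assumption: versions look like "8.10.0.13", optionally followed by a build suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the version as a 4-tuple of ints so 8.10.0.9 sorts below 8.10.0.14."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(version_text):
    """Return 'fixed', 'affected', 'unlisted' or 'unparsed' for one version string."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparsed"
    first_fixed = FIRST_FIXED.get(version[:2])
    if first_fixed is None:
        # Branch not named in the list above (it may be End of Maintenance):
        # needs a manual check against the vendor advisory.
        return "unlisted"
    return "fixed" if version >= first_fixed else "affected"


def triage(inventory):
    """Group (hostname, version) pairs by classification."""
    groups = {}
    for host, version_text in inventory:
        groups.setdefault(classify(version_text), []).append(host)
    return groups


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("ap-lobby", "8.10.0.9"), ("ap-lab", "8.10.0.14"), ("ap-floor2", "10.4.1.4"),
    ("ap-floor3", "10.7.0.0"), ("ap-legacy", "8.6.0.20"), ("ap-unknown", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Devices reported as `unlisted` or `unparsed` should be treated as unresolved rather than safe until checked by hand.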