Warning: ARUBA NETWORKS PUBLISHED 33 NEW VULNERABILITIES OF WHICH 6 ARE RATED CRITICAL, MITIGATE IMMEDIATELY!
Selection of the most critical vulnerabilties in the report:
CVE-2023-22747: 9.8 (CVSS:3.1/AV: N/AC: L/PR: N/UI: N/S: U/C:H/I:H/A:H)
CVE-2023-22748: 9.8 (CVSS:3.1/AV: N/AC: L/PR: N/UI: N/S: U/C:H/I:H/A:H)
CVE-2023-22749: 9.8 (CVSS:3.1/AV: N/AC: L/PR: N/UI: N/S: U/C:H/I:H/A:H)
CVE-2023-22750: 9.8 (CVSS:3.1/AV: N/AC: L/PR: N/UI: N/S: U/C:H/I:H/A:H)
CVE-2023-22751: 9.8 (CVSS:3.1/AV: N/AC: L/PR: N/UI: N/S: U/C:H/I:H/A:H)
CVE-2023-22752: 9.8 (CVSS:3.1/AV: N/AC: L/PR: N/UI: N/S: U/C:H/I:H/A:H)
Sources
https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEzNzAw;notificationCategory=Security
Risks
A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services, including MPLS, LTE and broadband internet services, to securely connect users to applications.
Successful exploitation of any of these critical vulnerabilities result in code execution by the attacker with high privileges and has a HIGH impact on Confidentiality, Integrity, and Availability.
Description
CVE-2023-22747, CVE-2023-22748, CVE-2023-22749 & CVE-2023-22750:
The above mentioned four command injection vulnerabilities can lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-22751 & CVE-2023-22752:
The above mentioned two stack-based buffer overflow vulnerabilities can lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:
Enable the Enhanced PAPI Security feature using a non-default key will prevent exploitation of these vulnerabilities.