Multiple vulnerabilities have been discovered in Aruba 9200 and 9000 Series Controllers and Gateways running ArubaOS. The vulnerabilities related to Buffer Overflow and Hardware Root of Trust bypass. Aruba has released a security advisory for addressing these vulnerabilities.
At the end of August, Aruba released patches for multiple vulnerabilities affecting Aruba Switches, which were related to Stored Cross-site Scripting (Stored XSS), Denial of Service (DoS), and Memory corruption.
These two vulnerabilities are related to Buffer Overflow that exists in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways. These vulnerabilities can allow a threat actor to execute arbitrary code in the boot sequence.
In addition to this, the threat actor can also gain access to sensitive information in the affected Aruba Series controllers and change them which leads to a complete system compromise. The severity for these vulnerabilities has been given as 8.0 (High).
CVE-2023-38486 – Hardware Root of Trust Bypass
This vulnerability exists in the secure boot implementation on the affected Aruba 9200 and 9000 Series Controllers and Gateways could allow a threat actor to bypass the security control that prohibits unsigned kernel images from executing.
Furthermore, the threat actor can also use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images. The severity of this vulnerability has been given as 7.7 (High).
Prerequisites for a Threat Actor & Workaround
In order to exploit these vulnerabilities, the threat actor must exploit other vulnerabilities and gain access to the root shell of the Local ArubaOS controller since these vulnerabilities require root shell access for exploitation.
As a workaround, Aruba has recommended its users restrict the CLI and web-based management interfaces to a dedicated layer 2 segment or by firewall policies at layer 3 and above.
“HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.” reads the security advisory by Aruba.
For detailed information about these vulnerabilities, it is recommended to check the security advisory released by Aruba.
|Affected Products||Affected Software Versions||End-of-support products (Patches will not be released)||Fixed in versions|
|9200 Series Mobility Controllers and SD-WAN Gateways9000 Series Mobility Controllers and SD-WAN Gateways||ArubaOS 10.4.x.x: 10.4.0.1 and belowArubaOS 8.11.x.x: 22.214.171.124 and belowArubaOS 8.10.x.x: 126.96.36.199 and belowArubaOS 8.6.x.x: 188.8.131.52 and below||ArubaOS 10.3.x.x: allArubaOS 8.9.x.x: allArubaOS 8.8.x.x: allArubaOS 8.7.x.x: allArubaOS 6.5.4.x: allSD-WAN 184.108.40.206-2.3.0.x: allSD-WAN 220.127.116.11-2.2.x.x: all||ArubaOS 10.4.x.x: 10.4.0.2 and aboveArubaOS 8.11.x.x: 18.104.22.168 and aboveArubaOS 8.10.x.x: 22.214.171.124 and aboveArubaOS 8.6.x.x: 126.96.36.199 and above|
Users of these products are recommended to upgrade to the latest ArubaOS versions to fix these vulnerabilities and prevent them from getting exploited.