Multiple vulnerabilities have been discovered in Aruba 9200 and 9000 Series Controllers and Gateways running ArubaOS. The vulnerabilities related to Buffer Overflow and Hardware Root of Trust bypass. Aruba has released a security advisory for addressing these vulnerabilities.
At the end of August, Aruba released patches for multiple vulnerabilities affecting Aruba Switches, which were related to Stored Cross-site Scripting (Stored XSS), Denial of Service (DoS), and Memory corruption.
These two vulnerabilities are related to Buffer Overflow that exists in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways. These vulnerabilities can allow a threat actor to execute arbitrary code in the boot sequence.
In addition to this, the threat actor can also gain access to sensitive information in the affected Aruba Series controllers and change them which leads to a complete system compromise. The severity for these vulnerabilities has been given as 8.0 (High).
This vulnerability exists in the secure boot implementation on the affected Aruba 9200 and 9000 Series Controllers and Gateways could allow a threat actor to bypass the security control that prohibits unsigned kernel images from executing.
Furthermore, the threat actor can also use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images. The severity of this vulnerability has been given as 7.7 (High).
In order to exploit these vulnerabilities, the threat actor must exploit other vulnerabilities and gain access to the root shell of the Local ArubaOS controller since these vulnerabilities require root shell access for exploitation.
As a workaround, Aruba has recommended its users restrict the CLI and web-based management interfaces to a dedicated layer 2 segment or by firewall policies at layer 3 and above.
“HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.” reads the security advisory by Aruba.
For detailed information about these vulnerabilities, it is recommended to check the security advisory released by Aruba.
| Affected Products | Affected Software Versions | End-of-support products (Patches will not be released) | Fixed in versions |
| 9200 Series Mobility Controllers and SD-WAN Gateways9000 Series Mobility Controllers and SD-WAN Gateways | ArubaOS 10.4.x.x: 10.4.0.1 and belowArubaOS 8.11.x.x: 8.11.1.0 and belowArubaOS 8.10.x.x: 8.10.0.6 and belowArubaOS 8.6.x.x: 8.6.0.21 and below | ArubaOS 10.3.x.x: allArubaOS 8.9.x.x: allArubaOS 8.8.x.x: allArubaOS 8.7.x.x: allArubaOS 6.5.4.x: allSD-WAN 8.7.0.0-2.3.0.x: allSD-WAN 8.6.0.4-2.2.x.x: all | ArubaOS 10.4.x.x: 10.4.0.2 and aboveArubaOS 8.11.x.x: 8.11.1.1 and aboveArubaOS 8.10.x.x: 8.10.0.7 and aboveArubaOS 8.6.x.x: 8.6.0.22 and above |
Users of these products are recommended to upgrade to the latest ArubaOS versions to fix these vulnerabilities and prevent them from getting exploited.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…