Critical RCE vulnerabilities in HPE Aruba Networking access points: CVE-2024-42509 and CVE-2024-47223

ISGroup Cybersecurity

On November 5, 2024, HPE published a security bulletin regarding two critical vulnerabilities, CVE-2024-42509 and CVE-2024-47460, affecting Aruba Networks access points. These vulnerabilities concern the Aruba access point management protocol, PAPI (UDP port 8211), and could allow unauthenticated remote code execution (RCE) via specially crafted packets. Although no active exploitation has been observed at this time, the severity of these vulnerabilities makes them an attractive target for malicious actors, particularly those seeking privileged access to networks.

ProductAruba Networks Access Points
Date2024-11-11 17:10:46
Information
  • Trending
  • Fix Available

Technical Summary

The vulnerabilities in question allow unauthenticated attackers to perform command injection attacks by sending malicious packets to the PAPI protocol on UDP port 8211. If exploited, these vulnerabilities could lead to remote code execution (RCE) with privileged access on the affected Aruba access points. This could allow attackers to compromise the devices and gain control of the network infrastructure. Although no public proof-of-concept (PoC) exploits have been identified, the risks associated with these vulnerabilities remain high, especially since attackers could reverse-engineer the patches to target unpatched systems.

Recommendations

Update to the latest patched version:

  • HPE recommends updating to the following versions containing the fixes:
  • Aruba Access Points (AOS-10.4.x.x): update to version 10.4.1.5 or higher.
  • Aruba Access Points (AOS-10.7.x.x): update to version 10.7.0.0 or higher.
  • Instant AOS-8.12.x.x: update to version 8.12.0.3 or higher.
  • Instant AOS-8.10.x.x: update to version 8.10.0.14 or higher.

Temporary workarounds for unpatched systems:

  • For devices running Instant AOS-8, enabling cluster security via the cluster-security command mitigates the vulnerability.
  • For devices running AOS-10, it is recommended to block access to UDP port 8211 from untrusted networks to reduce the attack surface.

[Callforaction-THREAT-Footer]