Multiple Flaws in ArubaOS Switches Let Attackers Execute Remote Code

Multiple vulnerabilities have been identified in ArubaOS-Switch Switches, specifically pertaining to Stored Cross-site Scripting (Stored XSS), Denial of Service (DoS), and Memory corruption.

Aruba has taken measures to mitigate these vulnerabilities and has subsequently published a security advisory.

ArubaOS-Switch is owned by Aruba Networks, a Hewlett Packard Enterprise subsidiary. This allows users to manage their networks from a centralized location. Aruba Networks manufactures several networking products.

CVE-2023-39266: Unauthenticated Stored Cross-Site Scripting

This vulnerability exists in the web management interface on ArubaOS-Switch which could allow an unauthenticated threat actor to exploit a Stored XSS attack. This attack can be conducted against a user of the Aruba Web management interface under certain configurations.

If an attacker is able to succeed in exploiting this vulnerability, it can allow a threat actor to execute arbitrary script code on the affected interface. The CVSS score for this vulnerability has been given as 8.3 (High).

CVE-2023-39267: Authenticated Denial of Service Vulnerability

The Command Line Interface (CLI) of ArubaOS-Switch has been identified to be vulnerable to an authenticated remote code execution which can lead to a Denial-of-Service condition. The CVSS Score for this vulnerability has been given as 6.6 (Medium).

CVE-2023-39268: Memory Corruption Vulnerability

An attacker can exploit this vulnerability by sending specially crafted packets to the ArubaOS-Switch, leading to an unauthenticated remote code execution. This vulnerability arises as a part of a memory corruption vulnerability in the ArubaOS-Switch.

The CVSS score for this vulnerability has been given as 4.5 (Medium).

Affected Products & Fixed in Version

The affected products include HPE Aruba Networking Switch Models,

  • Aruba 5400R Series Switches
  • Aruba 3810 Series Switches
  • Aruba 2920 Series Switches
  • Aruba 2930F Series Switches
  • Aruba 2930M Series Switches
  • Aruba 2530 Series Switches
  • Aruba 2540 Series Switches
Software Branch Versions Fixed in Version
ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below.ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below.ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below.ArubaOS-Switch 16.09.xxxx: All versions.ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below.ArubaOS-Switch 16.07.xxxx: All versions.ArubaOS-Switch 16.06.xxxx: All versions.ArubaOS-Switch 16.05.xxxx: All versions.ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below.ArubaOS-Switch 16.03.xxxx: All versions.ArubaOS-Switch 16.02.xxxx: All versions.ArubaOS-Switch 16.01.xxxx: All versions.ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below. ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0013 and above.ArubaOS-Switch 16.10.xxxx: WB.16.10.0024 and above.ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0027 and above.ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0027 and above.ArubaOS-Switch 15.xx.xxxx: A.15.16.0026 and above.

“16.10.xxxx:KB/WC/YA/YB/YC will not receive fixes for these vulnerabilities. Upgrading to KB/WC/YA/YB/YC.16.11.0013 and above will address these vulnerabilities.” reads the advisory by Aruba Networks.

Additionally, Aruba also provided workarounds for addressing these vulnerabilities in which they mentioned that “To minimize the likelihood of an attacker exploiting these vulnerabilities, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above”.

One of these vulnerabilities (CVE-2023-39266) has been publicly disclosed with a Proof-of-concept which can be found here. Users of these products are recommended to upgrade to the latest version to fix these vulnerabilities and prevent them from getting exploited.

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.

Leave a Reply

Your email address will not be published. Required fields are marked *