ArubaOS Critical Vulnerability Allows Remote Code Execution by Attackers


Multiple vulnerabilities in ArubaOS affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers, WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. The vulnerabilities fall into two groups: unauthenticated buffer overflows (CVE-2024-26305, CVE-2024-26304, CVE-2024-33511, CVE-2024-33512, and CVE-2024-33518) and unauthenticated denial of service (CVE-2024-33513, CVE-2024-33514, CVE-2024-33515, CVE-2024-33516, CVE-2024-33517, and CVE-2024-33518).

These vulnerabilities, ranging from 5.3 (Medium) to 9.8 (Critical) in severity, are all linked to the PAPI (Protocol Application Programming Interface) protocol.


Unauthenticated Buffer Overflow Vulnerability

This class of vulnerability, present in several services, could allow a threat actor to execute arbitrary code remotely on vulnerable systems without authenticating.

Exploiting this vulnerability could result in the execution of arbitrary code with elevated privileges. The vulnerability exists in various components with different severities:

  • Utility Daemon (CVE-2024-26305 – 9.8 (Critical))
  • L2/L3 Management Service (CVE-2024-26304 – 9.8 (Critical))
  • Automatic Reporting Service (CVE-2024-33511 – 9.8 (Critical))
  • Local User Authentication Database (CVE-2024-33512 – 9.8 (Critical))

Unauthenticated Denial-Of-Service

This class of vulnerability allows a threat actor to disrupt the normal functioning of the affected product, rendering it inoperable. It occurs in several components, with the following severities:

  • AP Management Service (CVE-2024-33513, CVE-2024-33514, CVE-2024-33515 – 5.9 (Medium))
  • Auth Service (CVE-2024-33516 – 5.3 (Medium))
  • Radio Frequency Manager Service (CVE-2024-33517 – 5.3 (Medium))
  • Radio Frequency Daemon (CVE-2024-33518 – 5.3 (Medium))

Affected Products and Fixed Versions

Affected software versions

  Product   Branch            Affected releases
  ArubaOS   10.5.x.x          10.5.1.0 and below
  ArubaOS   10.4.x.x          10.4.1.0 and below
  ArubaOS   8.11.x.x          8.11.2.1 and below
  ArubaOS   8.10.x.x          8.10.0.10 and below
  ArubaOS   8.8.x.x           all
  ArubaOS   8.7.x.x           all
  ArubaOS   8.6.x.x           all
  ArubaOS   6.5.4.x           all
  SD-WAN    8.7.0.0-2.3.0.x   all
  SD-WAN    8.6.0.4-2.2.x.x   all

Fixed versions

  Product   Branch            Fixed releases
  ArubaOS   10.6.x.x          10.6.0.0 and above
  ArubaOS   10.5.x.x          10.5.1.1 and above
  ArubaOS   10.4.x.x          10.4.1.1 and above
  ArubaOS   8.11.x.x          8.11.2.2 and above
  ArubaOS   8.10.x.x          8.10.0.11 and above
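Reading the two tables by hand across a fleet is error-prone, because the affected and fixed boundaries differ per branch and several older branches are listed as affected in their entirety with no fixed release. The following Python script is an added example, not code from the article or from HPE Aruba Networking: it transcribes the tables above into branch records and compares a reported firmware version against them, so an asset inventory can be triaged. Product names, the `assess` and `devices_needing_action` functions, and the inventory rows are this example's own constructed assumptions; the version numbers come only from the tables.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '8.10.0.10' (or an SD-WAN string such as '8.7.0.0-2.3.0.5') into a comparable tuple.

    Python compares tuples element by element, so (8, 10, 0, 10) < (8, 10, 0, 11)
    and a shorter tuple sorts below its padded equivalent, which is what we want here.
    """
    parts = text.strip().replace("-", ".").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {text!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class Branch:
    product: str
    label: str                         # branch exactly as written in the advisory table
    prefix: Version                    # leading release numbers that select this branch
    all_affected: bool                 # table says "all" for this branch
    affected_upto: Optional[Version]   # highest affected release, when the table gives one
    fixed: Optional[Version]           # first fixed release, when the table gives one


# Transcribed from the "Affected software versions" and "Fixed versions" tables above.
BRANCHES: List[Branch] = [
    Branch("ArubaOS", "10.6.x.x", (10, 6), False, None, (10, 6, 0, 0)),
    Branch("ArubaOS", "10.5.x.x", (10, 5), False, (10, 5, 1, 0), (10, 5, 1, 1)),
    Branch("ArubaOS", "10.4.x.x", (10, 4), False, (10, 4, 1, 0), (10, 4, 1, 1)),
    Branch("ArubaOS", "8.11.x.x", (8, 11), False, (8, 11, 2, 1), (8, 11, 2, 2)),
    Branch("ArubaOS", "8.10.x.x", (8, 10), False, (8, 10, 0, 10), (8, 10, 0, 11)),
    Branch("ArubaOS", "8.8.x.x", (8, 8), True, None, None),
    Branch("ArubaOS", "8.7.x.x", (8, 7), True, None, None),
    Branch("ArubaOS", "8.6.x.x", (8, 6), True, None, None),
    Branch("ArubaOS", "6.5.4.x", (6, 5, 4), True, None, None),
    Branch("SD-WAN", "8.7.0.0-2.3.0.x", (8, 7, 0, 0, 2, 3, 0), True, None, None),
    Branch("SD-WAN", "8.6.0.4-2.2.x.x", (8, 6, 0, 4, 2, 2), True, None, None),
]


@dataclass(frozen=True)
class Verdict:
    affected: bool
    branch: Optional[str]     # matching table row, or None when the branch is not listed
    fixed_in: Optional[str]   # first fixed release in that branch, when one is listed
    action: str


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(product: str, version: str) -> Verdict:
    """Classify one device's firmware against the advisory tables."""
    v = parse_version(version)
    for b in BRANCHES:
        if b.product != product or v[: len(b.prefix)] != b.prefix:
            continue
        fixed_in = fmt(b.fixed) if b.fixed else None
        if b.all_affected:
            return Verdict(True, b.label, None,
                           "entire branch listed as affected and no fixed release listed; "
                           "plan a migration to a supported branch")
        if b.affected_upto is not None and v <= b.affected_upto:
            return Verdict(True, b.label, fixed_in, f"upgrade to {fixed_in} or later")
        return Verdict(False, b.label, fixed_in, "at or above the first fixed release")
    # Branches the article does not list (e.g. a hypothetical 7.x) cannot be judged from it.
    return Verdict(False, None, None,
                   "branch not in the advisory table; verify against the vendor advisory")


def devices_needing_action(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, action) for every inventory row that is affected."""
    return [(host, assess(prod, ver).action)
            for host, prod, ver in inventory if assess(prod, ver).affected]


# Constructed sample inventory: hostname, product, reported firmware version.
INVENTORY = [
    ("mc-hq-01", "ArubaOS", "8.10.0.10"),          # last affected release of 8.10
    ("mc-hq-02", "ArubaOS", "8.10.0.11"),          # first fixed release of 8.10
    ("gw-branch-07", "ArubaOS", "10.5.1.0"),       # last affected release of 10.5
    ("mc-legacy-03", "ArubaOS", "8.7.1.9"),        # whole 8.7 branch affected, no fix listed
    ("sdwan-edge-11", "SD-WAN", "8.7.0.0-2.3.0.5"),
    ("gw-new-21", "ArubaOS", "10.6.0.2"),          # 10.6 branch: fixed from 10.6.0.0
]

if __name__ == "__main__":
    for host, action in devices_needing_action(INVENTORY):
        print(f"{host}: {action}")
```

The script deliberately refuses to guess for branches absent from the tables, returning `branch=None` rather than "not affected", so an unknown release is surfaced for manual review instead of silently passing.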


About the Author:

FirstHackersNews - Identifies Security
