Aruba has released patches for ArubaOS to address several critical security vulnerabilities.



These patches address vulnerabilities that impact Aruba Mobility Conductor, Aruba Mobility Controllers, WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. Successful exploitation of these vulnerabilities can give malicious actors the ability to execute arbitrary code as a privileged user. Aruba has provided a workaround for these critical vulnerabilities, but they advise users to update their products as soon as possible.

In addition, Aruba has revealed six critical-severity vulnerabilities that affect Aruba's proprietary network operating system, ArubaOS. The vulnerabilities are present in Aruba Mobility Conductor, Aruba Mobility Controllers, WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. Multiple command injection vulnerabilities were discovered that could lead to unauthenticated remote code execution when packets destined for the PAPI UDP port are crafted in a specific way. Two stack-based buffer overflow vulnerabilities were also found.

Users can enable Enhanced PAPI Security with a non-default key as a temporary measure to prevent exploitation of these vulnerabilities. Additionally, other lower severity vulnerabilities have also been patched. Aruba is urging users to upgrade to the latest available versions as soon as possible. End of Life versions of ArubaOS and SD-WAN software are still vulnerable to these issues.

Armis researchers will continue studying various devices to enhance their knowledge base and furnish partners and clients with up-to-date tools to mitigate cybersecurity threats.

Interception portals are web pages that appear when new users connect to Wi-Fi or cable networks. They usually require authentication, payment, or user agreement to grant access to various network resources. Attackers can exploit TLStorm 2.0 vulnerabilities to remotely execute code through a switch using an intercepting portal, which can compromise the corporate network.

Aruba devices face several critical security issues, including CVE-2022-23677 (9.0 CVSS points), a NanoSSL vulnerability leading to RCE in intercepting portals and RADIUS authentication clients; and CVE-2022-23676 (9.1 CVSS points), which allows attackers to compromise RADIUS client memory integrity and remotely execute code on the switch. Avaya switches also pose serious threats, with three vulnerabilities in their web management portal requiring no authentication or user action.

Affected Aruba devices include various Aruba series from 2920 to 5400R. By tightening security protocols and upgrading to protected firmware versions, users can eliminate these vulnerabilities. Companies should take steps towards implementing enhanced network security measures to avoid exposing their networks to increasingly sophisticated cyber attacks.

Aruba Mobility Controllers are network devices that provide centralized control and management of wireless access points (APs) in an Aruba wireless network. As with any network device, there is always a possibility of security vulnerabilities that could be exploited by malicious actors. To address these vulnerabilities, Aruba periodically releases firmware updates that fix and patch known security issues.

It's important to note that these updates typically address critical security vulnerabilities that could potentially compromise the security and integrity of the network. Some common types of vulnerabilities that fixed include:

1. Authentication Bypass: These vulnerabilities allow attackers to bypass the authentication mechanisms of the controller and gain unauthorized access to the network.
2. Denial-of-Service (DoS) Attacks: DoS vulnerabilities can be exploited to overwhelm the controller with excessive requests or malicious traffic, causing it to become unresponsive or crash.
3. Remote Code Execution: This type of vulnerability allows attackers to execute arbitrary code on the controller remotely, giving them complete control over the device and potentially the entire network.
4. Information Disclosure: These vulnerabilities allow unauthorized users to access sensitive information stored on the controller, such as configuration details, user credentials, or other confidential data.
5. Privilege Escalation: Privilege escalation vulnerabilities enable attackers to elevate their privileges on the controller, granting them higher levels of access and control than intended.

To keep your network secure, it is highly recommended to regularly update the firmware of Aruba Mobility Controllers and other networking devices. Additionally, maintaining a strong security posture, following best practices, and using additional security measures, such as firewalls and intrusion detection systems, can further enhance the security of the network.