There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
The vulnerability (CWE-121 — stack-based buffer overflow) is located in the PAPI protocol handling layer, which is Aruba's access point management protocol running on UDP port 8211. An attacker can send specially crafted packets to this port, causing a buffer overflow on the stack in the CLI service. Successful exploitation of the vulnerability allows arbitrary code execution with the privileges of a privileged system user, without the need to possess any credentials.
An attacker gains the ability to execute arbitrary code with the privileges of a privileged user on the device's operating system, which means complete takeover of the access point or network controller.
Apply patches available from the manufacturer in accordance with the references: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us and https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt. As a temporary workaround, it is recommended to restrict access to UDP port 8211 (PAPI) exclusively to trusted hosts using firewall or ACL lists on edge devices.
Devices running ArubaOS (Aruba Networks) and HP InstantOS — specific versions indicated in the manufacturer's references (ARUBA-PSA-2024-006 and HPE Security Bulletin hpesbnw04647)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArubanetworks Arubaos
OSArubanetworks10.3.0.0 – 10.4.1.1 (bez)10.5.0.0 – 10.5.1.1 (bez)HP Instantos
OSHp6.4.0.0 – 8.6.0.24 (bez)8.7.0.0 – 8.10.0.11 (bez)
Related vulnerabilities
RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS
Buffer overflow w usłudze SAE Aruba ArubaOS / InstantOS — nieuwierzytelniony RCE
Buffer overflow w usłudze Central Communications ArubaOS/InstantOS — nieuwierzytelniony RCE