There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
The vulnerability results from a stack buffer overflow (CWE-121) in the SAE service handling the PAPI protocol — Aruba access point management protocol operating on UDP port 8211. An attacker can send specially crafted network packets directly to this port, triggering a buffer overflow and gaining control over the process execution flow. Exploitation does not require any authentication or user interaction, making it particularly dangerous in environments with network access to the management port.
Successful exploitation allows an attacker to execute arbitrary code with privileged user permissions at the operating system level of the device, resulting in complete takeover of the access point.
Apply patches available from the manufacturer in accordance with the following references: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us and https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt. As a temporary measure, it is recommended to restrict access to UDP port 8211 (PAPI) exclusively to trusted management hosts using a firewall or ACL lists.
Aruba ArubaOS and HP InstantOS — versions specified in manufacturer references (ARUBA-PSA-2024-006 and HPE Security Bulletin hpesbnw04647en_us)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArubanetworks Arubaos
OSArubanetworks10.3.0.0 – 10.4.1.1 (bez)10.5.0.0 – 10.5.1.1 (bez)HP Instantos
OSHp6.4.0.0 – 8.6.0.24 (bez)8.7.0.0 – 8.10.0.11 (bez)
Related vulnerabilities
RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS
Buffer overflow w usłudze Central Communications Aruba – nieuwierzytelnione RCE
Buffer overflow w CLI service ArubaOS/InstantOS umożliwiający zdalny RCE