There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
The vulnerability includes two types of errors: out-of-bounds write (CWE-787) and information disclosure (CWE-200). An attacker can send specially crafted requests to the Soft AP Daemon Service without any authentication, leading to the execution of arbitrary commands in the context of the device's operating system. The attack vector is network-based, requires no user interaction or any privileges on the attacker's side.
Successful exploitation leads to complete takeover of the system — the attacker can execute arbitrary commands at the operating system level of the device, resulting in complete violation of confidentiality, integrity, and availability.
Apply patches available from the manufacturer according to the references — detailed information about versions that fix the vulnerability is provided in the HPE security bulletin: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US
Aruba Networks products: ArubaOS and HP InstantOS — versions indicated in the manufacturer's references (HPE Security Bulletin HPESBNW04678).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArubanetworks Arubaos
OSArubanetworks10.3.0.0 – 10.4.1.4 (bez)10.5.0.0 – 10.6.0.1 (bez)HP Instantos
OSHp6.4.0.0 – 8.10.0.13 (bez)8.12.0.0 – 8.12.0.2 (bez)
Related vulnerabilities
RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS
Buffer overflow w usłudze Central Communications Aruba – nieuwierzytelnione RCE
Buffer overflow w CLI service ArubaOS/InstantOS umożliwiający zdalny RCE
Buffer overflow w CLI service ArubaOS/InstantOS — nieuwierzytelniony RCE