Archive of Security Advisories

Twelve new vulnerabilities related to different components in the implementation of the 802.11 standard have been published.

Successful exploitation of each one of these vulnerabilities can result in sensitive data disclosure and possibly traffic manipulation.

Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.

Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.

A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. This vulnerability is present in some Aruba products which are listed below. For more information please see https://www.saddns.net/.

Aruba has released patches for Aruba Instant that address multiple security vulnerabilities.

Seven new vulnerabilities were reported in the open-source component dnsmasq. This collection of vulnerabilities has been made public under the name DNSpooq.

Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.

Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.

A potential security vulnerability has been identified in certain HPE and Aruba L2/L3 switches. The vulnerability could be remotely exploited to cause memory corruption.

A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.

Aruba has released updates to Airwave Glass that address multiple security vulnerabilities.

Aruba has released patches for ArubaOS that address multiple security vulnerabilities.

Aruba has released updates to Airwave Glass that address multiple security vulnerabilities.

Aruba has released updates to products affected by Linux Kernel vulnerabilities known as TCP SACK PANIC. Successful exploitation of the most severe of these vulnerabilities could allow a remote attacker to trigger a kernel panic and impact the system availability.

Four memory corruption vulnerabilities in the Aruba CX Switches have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of both LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) processes in the switch.

Aruba has released an update to Analytics and Location Engine (ALE) that addresses a high severity vulnerability in the Web Management Interface of this product.

Two vulnerabilities in the Aruba Intelligent Edge Switches web management interface have been found. Successful exploitation of these vulnerabilities could result in unauthorized administrative access to the switch.

A collection of vulnerabilities known as "Ripple20" affect the Treck TCP/IP stack implementation. Successful exploitation of these vulnerabilities could result in denial of service, information disclosure or remote code execution. This is a preliminary advisory based on initial investigation; it will be updated as new information becomes known. Aruba has not yet performed a complete analysis of impact; CVSS scores listed below represent the worst case scenario and actual severity may be less than reported here.

Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.

Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.

A timing flaw in certain Wi-Fi chip firmware may allow an attacker to decrypt a limited amount of WPA2-encrypted frames using a known all-zero key. Some Aruba products are affected by this vulnerability. This is a preliminary advisory based on initial investigation; it will be updated as new information becomes known.

Multiple Remote Code Execution Vulnerabilities have been uncovered in the AirWave Management Platform. An attacker who is able to exploit these vulnerabilities could run untrusted arbitrary commands or code on the AirWave platform. All three vulnerabilities require the attacker to be authenticated to the administrative interface of AirWave.

An information disclosure vulnerability is present in Aruba Intelligent Edge Switches which allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions.

Aruba has released updates to ArubaOS that address serious vulnerabilities present in some versions running on the Aruba Mobility Controller. An attacker could use these vulnerabilities to execute arbitrary code on the underlying operating system with full system privileges.

This is an update to ARUBA-PSA-2018-001. Since the publication of that advisory, a number of additional CPU side-channel attacks have been demonstrated and theorized, with names such as MDS (Microarchitectural Data Sampling), ZombieLoad, Fallout, RIDL and Store-to-Leak Forwarding. All of these techniques share similar traits. Aruba is not affected by these vulnerabilities. The text of this advisory will continue to apply to future related vulnerabilities unless Aruba issues an advisory to the contrary.

On April 10, 2019 a research paper by Mathy Vanhoef and Eyal Ronen was released documenting a series of potential vulnerabilities in implementations of WPA3 and EAP-pwd (RFC 5931). Details on EAP-pwd vulnerabilities have not yet been released. This advisory covers only WPA3 vulnerabilities.

Aruba has released updates to Aruba Instant (IAP) that address multiple serious vulnerabilities. The most significant vulnerability is rated CRITICAL with a CVSS score of 9.8.

Aruba has released an update to ClearPass Policy Manager that addresses multiple security vulnerabilities.

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.

Apache Struts versions 2.3 prior to 2.3.35 suffers from a possible Remote Code Execution vulnerability. After examination of the source code and extensive testing using both commercial vulnerability scanners and exploit-specific test scripts, Aruba has determined that ClearPass is not affected by the latest vulnerability in Apache Struts.

Two Linux kernel vulnerabilities, known as "SegmentSmack" and "FragmentSmack", have been publicly disclosed. The Linux kernel used by Aruba ClearPass Policy Manager and Aruba AirWave is affected. Other Aruba products are not affected.

The cryptography library used by Aruba Instant provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker may be able to recover private keys for X.509 certificates. This vulnerability is referred to as "ROBOT."

Aruba has released an update to ClearPass Policy Manager that addresses four security vulnerabilities.

Vulnerabilities exist in multiple modern CPU architectures that could permit an attacker to read the contents of memory. Aruba products are not affected by these vulnerabilities, based on how the products are accessed.

Common industry-wide flaws in WPA2 key management may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. The accompanying FAQ document provides more extensive details.

Multiple flaws are present in ArubaOS that may permit an unauthenticated user to access files, corrupt memory, and potentially execute remote code. Software updates are available to address these vulnerabilities.

Multiple serious vulnerabilities were reported in the open-source component "dnsmasq". These vulnerabilities primarily represent a denial-of-service risk, but they could also potentially be leveraged to lead to remote code execution.

Aruba has released an update to ClearPass Policy Manager that addresses two security vulnerabilities.

The Apache Struts group announced Struts version 2.3.34 on September 7, 2017. Included in this update were fixes for four security vulnerabilities. Aruba ClearPass makes use of Apache Struts. This advisory provides details on Aruba's exposure to these vulnerabilities: CVE-2017-9804 (Affected), CVE-2017-9793 (NOT affected), CVE-2017-9805 (NOT affected), CVE-2017-12611 (POSSIBLY affected).

Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information.

A potential vulnerability in HPE Aruba AirWave Glass 1.0.0 and 1.0.1 could be remotely exploited to allow remote code execution.

An unauthenticated remote code execution vulnerability in the Apache Struts 2 package has been publicly reported. This advisory details Aruba's exposure to this vulnerability.

This week, Aruba expects a security consulting firm to publicly disclose two vulnerabilities in Aruba AirWave. The first is an XML External Entity (XXE) vulnerability, while the second is a reflected cross-site scripting (XSS) vulnerability. Both vulnerabilities exist in the VisualRF component of AirWave. Both vulnerabilities require authentication using valid administrative credentials.

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Multiple Aruba products are built on top of Linux.

Multiple vulnerabilities have been fixed in ClearPass Policy Manager. Update to the latest supported version to address all vulnerabilities.

Multiple vulnerabilities exist in ClearPass Policy Manager. Given the severity of these issues, customers are urged to update their software immediately by applying a hotfix patch.

Multiple vulnerabilities have recently been fixed in ArubaOS.

Multiple vulnerabilities exist in ClearPass Policy Manager. Given the severity of these issues, customers are urged to update their software immediately.

Although this information was previously disclosed, an impending public disclosure by the Google Security Team (focused on Aruba Instant) will call out the vulnerable details of this protocol and bring it to the attention of the attacker community.

Multiple vulnerabilities exist in Aruba Instant. The contents of this advisory are subject to an impending public disclosure by the Google Security Team under a 90-day disclosure deadline; therefore customers are advised to treat this advisory urgently.

Multiple vulnerabilities exist in the AirWave Management Platform. The contents of this advisory are subject to an impending public disclosure by the Google Security Team under a 90-day disclosure deadline; therefore customers are advised to treat this advisory urgently.

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

Multiple vulnerabilities exist in OpenSSL. For more details, see theoriginal OpenSSL advisory at https://www.openssl.org/news/secadv/20160301.txt.

A security vulnerability in the GNU C library is having widespread impact in the IT product vendor community. Aruba Networks is affected by this vulnerability and will be issuing multiple software updates.

This advisory covers three vulnerabilities in ArubaOS: Reflected Cross-Site Scripting, Cross-Site Request Forgery, and Crafted frame causes AP-225 reboot.

The NTP Project (www.ntp.org) announced multiple vulnerabilities in NTPD on October 21, 2015. For full details, see http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner. Multiple Aruba products incorporate NTPD and are vulnerable to a subset of the announced vulnerabilities.

Multiple vulnerabilities exist in ClearPass Policy Manager. Multiple vulnerabilities in this advisory have a severity of "high". Customers are encouraged to upgrade to ClearPass 6.4.7 or ClearPass 6.5.2 as soon as possible.

On July 9, 2015, the OpenSSL Project reported a high-severity vulnerability in certain versions of OpenSSL. The vulnerability affects processing of certificate trust chains. ClearPass version 6.5.2 was released on June 26, 2015 and contains OpenSSL version 1.0.1o, which is affected by the vulnerability.

Multiple vulnerabilities exist in OpenSSL. For more details, see the original OpenSSL advisory at https://www.openssl.org/news/secadv_20150319.txt. This is a preliminary advisory - revisions will be posted as new information becomes available.

Multiple vulnerabilities exist in ClearPass Policy Manager. One of these has a severity of "high".

Multiple vulnerabilities exist in AirWave.

Aruba has identified a problem with the "RAP Console" feature used in Aruba access points operating in Remote AP mode.

Multiple vulnerabilities exist in OpenSSL. For more details, see the original OpenSSL advisory at https://www.openssl.org/news/secadv_20150108.txt.

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST".

Aruba has identified a problem with Aruba Instant firmware which could allow an attacker to crash or clear the configuration of an access point through a wireless interface.

A component of ClearPass Policy Manager is vulnerable to a read-only SQL injection attack by an unauthenticated user with access to the data network or the management network.

Multiple vulnerabilities have been discovered in the Aruba ClearPass product family. Please upgrade to the latest release to resolve the discovered vulnerabilities.

On October 14, 2014, the Google Security Team announced a practical attack against the SSL 3.0 protocol that could allow an attacker to recover encrypted plaintext from an HTTPS session. This advisory describes Aruba's exposure to the attack.

A vulnerability has been found in some ArubaOS versions that may permit unauthenticated access to administrative interfaces of Aruba controllers.

On September 24, 2014, a public announcement was made regarding a vulnerability in the GNU 'bash' shell that could permit remote code execution. This vulnerability was assigned CVE-2014-6271 and fixes were published. The fix was incomplete, and a second vulnerability (CVE-2014-7169) was published. Over the following days, additional vulnerabilities (CVE-2014-6277 and CVE-2014-6278) were also made public.

On August 6, 2014, the OpenSSL Foundation announced multiple vulnerabilities in OpenSSL through the advisory at https://www.openssl.org/news/secadv_20140806.txt. A number of Aruba Networks products make use of OpenSSL. This advisory has been created to describe Aruba's exposure to these vulnerabilities.

SQL Injection and Credential Disclosure vulnerabilities have been discovered in Aruba Networks ClearPass Policy Manager. This advisory describes ClearPass' exposure to these vulnerabilities.

On June 5, 2014, the OpenSSL Foundation announced multiple vulnerabilities in OpenSSL through the advisory at http://www.openssl.org/news/secadv_20140605.txt. A number of Aruba Networks products make use of OpenSSL. This advisory has been created to describe Aruba's exposure to these vulnerabilities.

Denial of Service and code execution vulnerabilities in Apache Struts were revealed through CVE-2014-0050, CVE-2014-0094, CVE-2014-0112, and CVE-2014-0113. These could allow a malicious user to potentially cause a denial of service, or manipulate the ClassLoader thereby allowing remote code execution.

If ClearPass is configured to use tunneled and non-tunneled authentication methods within a single policy construct (Service), a network user with independent inner and outer identities could receive elevated network privileges while using a tunneled EAP method to connect to the network.

There is a very serious vulnerability that has been discovered in the OpenSSL 1.0.1 library. This vulnerability can allow an external attacker to extract segments of memory from a remote system without leaving any traces. This memory could contain vital security information, including private keys. These keys, in turn, could be used to mount a man-in-the-middle attack.

Remote code execution and redirection vulnerabilities in Apache Struts were revealed on 07/20/2013 through CVE-2013-2248 and CVE-2013-2251. These allow a malicious user to execute Struts OGNL expressions using Struts' action/redirect/redirectAction prefixes to evaluate OGNL expressions.

When customers use the default settings for Sponsorship Confirmation, there exists a possibility that anyone – not just the sponsor – could approve a request. This could allow unauthorized access to the guest network and whatever access it may have inside the organization.

On February 5, 2013 the OpenSSL Project issued three vulnerability notices regarding various versions of OpenSSL, an open-source cryptographic library. A number of Aruba Networks products make use of OpenSSL, including ArubaOS, AirWave, and ClearPass Policy Manager. This advisory provides information on how the OpenSSL vulnerabilities affect Aruba customers.

An OS command injection vulnerability has been discovered in the Aruba Remote Access Point's Diagnostic Web Interface. When running the diagnostic web interface, arbitrary system commands can be executed as the root user on the Remote device by an unauthenticated attacker.

A persistent Cross Site Scripting vulnerability (XSS) was discovered through which an attacker could plant an AP with maliciously crafted SSID in the general vicinity of the wireless LAN and might be able to trigger a XSS attack in the dashboard section of the ArubaOS Administration WebUI.

A persistent Cross Site Scripting vulnerability (XSS) was discovered where an attacker could plant an AP with maliciously crafted SSID in the general vicinity of the wireless LAN and might be able to trigger a XSS vulnerability in the reporting sections of the ArubaOS and AirWave Administration WebUIs.

A Denial of Service (DoS) vulnerability was discovered during standard bug reporting procedures. A malformed 802.11 probe request frame causes a crash on the Access Point (AP) causing a temporary DoS condition for wireless clients. Prior successful security association with the wireless network is not required to cause this condition. The AP recovers automatically by restarting itself.

This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol [1][2]. This vulnerability may allow a Man-in-the-Middle (MITM) attacker to inject arbitrary data into the beginning of the application protocol stream protected by TLS.

A Denial of Service (DoS) vulnerability was discovered during standard bug reporting procedures. A malformed 802.11 association request frame causes a crash on the Access Point (AP) causing a temporary DoS condition for wireless clients. Prior successful security association with the wireless network is not required to cause this condition. The AP recovers automatically by restarting itself.

A management user authentication bypass vulnerability was discovered during standard internal bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using public key based SSH authentication for controller management users.

A Denial of Service (DoS) vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. A malformed EAP frame causes a process crash on the Aruba Mobility Controller causing a temporary DoS condition for new clients configured to use EAP authentication. Prior successful security association is not required to cause this condition. The Mobility Controller recovers automatically by restarting the affected process.

A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using TACACS authentication for Controller management users.

A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability affects customers using versions at or below 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS using LDAP authentication for management and VPN (PAP-L2TP) users.

A session cookie vulnerability was discovered during an internal audit of the Aruba Mobility Controller.

Persistent XSS on Aruba 800 Mobility Controller's login page.

A buffer overflow vulnerability was discovered during an external security audit of the Aruba Mobility Controller. This vulnerability affects customers using all versions of the Aruba Controller beginning with version 2.4. Certain malformed inputs to the management interfaces (web UI or CLI) will cause the system to crash.

A privilege escalation vulnerability was discovered during an external security audit of the Aruba Mobility Controller. This vulnerability affects customers using all versions of the Aruba Controller beginning with version 2.3. Knowledge of this internal account may permit unauthorized access to the wireless LAN via the captive portal or VPN interfaces, as well as access to administrative functions of the Mobility Controller through the CLI and web UI and login interfaces.

CERT-FI has released today vulnerabilities in the IKE negotiation found by the tool developed by the Oulu University Secure Programming Group (OUSPG).

SSH tunneling (port forwarding) through the Aruba devices is allowed.

The NISCC (UK National Infrastructure Security Co-ordination Centre) has made public an advisory that describes three attacks that apply to certain configurations of IPsec. IP Security (IPsec) is a set of protocols developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer; IPsec has been deployed widely, including wireless lan environments, to implement Virtual Private Networks (VPNs). These three attacks apply to certain IPsec configurations that use Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol. Some configurations using AH to provide integrity protection are also vulnerable.

The Internet Engineering Task Force has made available to the public a document that describes how to use the Internet Control Message protocol to perform multiple Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP), using modified ICMP packets.

Aruba switches are vulnerable to a PPTP exploit, even if the device is not configured to use this VPN feature due to a buffer overflow.

It was disclaimed by ISC, via CERT, that ISC DHCP contains C includes that define "vsnprintf" to "vsprintf" creating potential buffer overflow conditions.

Specially crafted DHCP packets cause a stack overflow in the Internet Software Consortium (ISC) DHCPD server. Aruba Networks products are not affected by this vulnerability.

A Denial of Service vulnerability for 802.11 devices was made public on 05/13/2004 by http://www.cert.org. The vulnerability alert disclosed how an attacker using an 802.11 device could mount a denial of service attack exploiting the CCA function of the 802.11 MAC. This attack would cause the 802.11 devices within the physical vicinity of the attacker to assume that the channel is busy and withhold their transmissions.

Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. Although the real impact of these vulnerabilities are unclear, they may lead to memory corruption and a possible denial-of-service situation.