Detections
Analytics

ArubaOS 10.4.x < 10.4.1.4, 10.6.x < 10.6.0.1 Multiple Vulnerabilities (HPESBNW04678)

medium Nessus Plugin ID 205308

Language:

Synopsis

An application installed on the remote host is affected by multiple vulnerabilities.

Description

The version of ArubaOS installed on the remote host is affected by multiple vulnerabilities:

 - In OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. The impact of this vulnerability on InstantOS 8.x and ArubaOS 10.x running on HPE Aruba Networking Access Points has not been confirmed, but the version of OpenSSH has been upgraded for mitigation. (CVE-2023-51385)

 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. The impact of this vulnerability on HPE Aruba Networking Access Points has not been confirmed, but the version of OpenSSH in InstantOS and ArubaOS 10.x software has been upgraded for mitigation.
 (CVE-2023-48795)

 - Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. (CVE-2024-42398, CVE-2024-42399, CVE-2024-42400)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the ArubaOS version mentioned in the vendor advisory.

See Also

http://www.nessus.org/u?ab07c9c4

Plugin Details

Severity: Medium

ID: 205308

File Name: arubaos-aruba-HPESBNW04678.nasl

Version: 1.3

Type: combined

Family: Misc.

Published: 8/9/2024

Updated: 11/8/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2023-51385

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:arubanetworks:arubaos, cpe:/o:hp:arubaos

Required KB Items: installed_sw/ArubaOS

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/2/2024

Vulnerability Publication Date: 8/2/2024

Reference Information

CVE: CVE-2023-48795, CVE-2023-51385, CVE-2024-42398, CVE-2024-42399, CVE-2024-42400

IAVA: 2024-A-0468-S