_summary

Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

Aruba Product Security Advisory

Advisory ID: ARUBA-PSA-2022-003
CVE: CVE-2021-4034
Publication Date: 2022-Feb-01
Last Update: 2022-Feb-23
Status: Confirmed
Severity: Medium

Overview

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program installed in many major Linux distributions. Exploitation of this vulnerability allows for any unprivileged local user to gain full root privileges on the affected host.

More information about this vulnerability can be found at here

Affected Products

  • Aruba Analytics and Location Engine:
  • ALE 2.2.0.x: 2.2.0.1 and below
  • Aruba Central On Prem (COP)
  • Aruba ClearPass Policy Manager
  • CPPM 6.10.x: 6.10.3 and below
  • CPPM 6.9.x: 6.9.9 and below
  • CPPM 6.8.x: 6.8.9-HF1 and below
  • CPPM 6.7.x: All versions 6.7.x and below
  • Silver Peak Orchestrator: For details visit the Aruba site

Unaffected Products

  • AirWave Management Platform
  • Aruba Instant / Aruba Instant Access Points
  • ArubaOS Wi-Fi Controllers and Gateways
  • ArubaOS SD-WAN Gateways
  • ArubaOS-CX Switches
  • ArubaOS-S Switches
  • HP ProCurve Switches
  • Aruba Instant On
  • Aruba IntroSpect
  • Aruba Fabric Composer (AFC) and Plexxi Composable Fabric Manager (CFM)
  • Aruba NetEdit
  • Aruba User Experience Insight (UXI)
  • Aruba VIA Client
  • Silver Peak Edge Connect

Details

A vulnerability in a commonly installed operating system component has been identified in some Aruba products. This allows for a lower privileged local user with the ability to run arbitrary shell commands to escalate to root privilege on the underlying operating system.

Affected products do not allow users to have local access to an unrestricted underlying operating system command shell during normal operation. Because of this, exploitation of this flaw in Aruba products would occur as part of an attack chain involving another security vulnerability and would not be easily exploitable during regular operation of the product.

Resolution

Aruba is currently working on fixes for all affected products. Patch details will be published in this section.

  • Aruba Analytics and Location Engine (ALE):
  • ALE 2.2.0.x: 2.2.0.2 and above
  • Aruba Central On Prem (COP)
  • Aruba ClearPass Policy Manager:
  • CPPM 6.10.x: 6.10.3-HF1 or 6.10.4 and above
  • CPPM 6.9.x: 6.9.9-HF1 or 6.9.10 and above
  • CPPM 6.8.x: 6.8.9-HF2 and above

Workaround and Mitigations

To minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment or VLAN and/or controlled by firewall policies at layer 3 and above.