Heap Overflow Vulnerabilities Within ArubaOS-Switch Devices

Overview

The Armis Research Team has discovered multiple heap overflow vulnerabilities affecting various networking vendors. ArubaOS-Switch devices running the affected versions listed below are impacted. Successful exploitation of these vulnerabilities allows an attacker to execute arbitrary code on the affected device.

More information about these vulnerabilities can be found at: https://www.armis.com/research/tlstorm

Affected Products

Customers using the following switch models and firmware versions are affected by the vulnerabilities listed in this advisory.

Aruba Switch Models:
- Aruba 5400R Series Switches
- Aruba 3810 Series Switches
- Aruba 2920 Series Switches
- Aruba 2930F Series Switches
- Aruba 2930M Series Switches
- Aruba 2530 Series Switches
- Aruba 2540 Series Switches

Software branch versions:
- ArubaOS-Switch 15.xx.xxxx: All versions.
- ArubaOS-Switch 16.01.xxxx: All versions.
- ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below.
- ArubaOS-Switch 16.03.xxxx: All versions.
- ArubaOS-Switch 16.04.xxxx: All versions.
- ArubaOS-Switch 16.05.xxxx: All versions.
- ArubaOS-Switch 16.06.xxxx: All versions.
- ArubaOS-Switch 16.07.xxxx: All versions.
- ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below.
- ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below.
- ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below.
- ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below.
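The branch list above is what an administrator has to check an inventory against, and the "and below" thresholds are easy to misread when the platform prefix (K, KB, WB, WC, YA, YB, YC) varies per model. The following checker is an added example, not part of the Aruba advisory or any Aruba tooling. It encodes only the thresholds stated in this advisory (which agree with the fixed builds listed under Resolution) and reports, for each version string, whether it falls inside the affected range, above it, or in a branch the advisory does not list. The hostnames and the inventory in the `__main__` block are constructed sample data.

```python
import re

# Highest affected build per branch, taken from the advisory's "Software branch
# versions" list. None means every build of that branch is affected.
# Key: (major, minor); a minor of None matches every minor (the "15.xx.xxxx" entry).
AFFECTED_BRANCHES = {
    (15, None): None,
    (16, 1): None,
    (16, 2): 33,
    (16, 3): None,
    (16, 4): None,
    (16, 5): None,
    (16, 6): None,
    (16, 7): None,
    (16, 8): 24,
    (16, 9): 19,
    (16, 10): 19,
    (16, 11): 3,
}

# Version strings look like "KB.16.08.0024": an optional platform prefix, then
# major.minor.build. The prefix identifies the platform and plays no part in the
# comparison; the advisory lists the same thresholds for every prefix.
_VERSION_RE = re.compile(
    r"^(?:(?P<prefix>[A-Z]{1,2})\.)?(?P<major>\d+)\.(?P<minor>\d+)\.(?P<build>\d+)$"
)


def parse_version(text):
    """Split an ArubaOS-Switch version string into (prefix, major, minor, build)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ArubaOS-Switch version string: {text!r}")
    return (
        m.group("prefix") or "",
        int(m.group("major")),
        int(m.group("minor")),
        int(m.group("build")),
    )


def is_affected(text):
    """True if inside the affected range, False if above it, None if the branch is not listed."""
    _, major, minor, build = parse_version(text)
    for (b_major, b_minor), max_build in AFFECTED_BRANCHES.items():
        if b_major == major and (b_minor is None or b_minor == minor):
            # "All versions" branches have no upper bound; the others are "<= threshold".
            return max_build is None or build <= max_build
    return None


def triage(inventory):
    """Map {hostname: version} to {hostname: status} using the advisory's thresholds."""
    labels = {True: "affected", False: "above affected range", None: "branch not listed"}
    return {host: labels[is_affected(version)] for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up for illustration.
    SAMPLE_INVENTORY = {
        "core-sw-01": "KB.16.10.0019",
        "core-sw-02": "KB.16.10.0020",
        "edge-sw-07": "YA.16.11.0003",
        "lab-sw-03": "K.16.02.0034",
        "old-sw-09": "YC.15.18.0021",
    }
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

A build above the threshold is reported as "above affected range" rather than "fixed" because only the Resolution section states which builds carry the fix; for the 16.02 and 16.08 through 16.11 branches those are exactly threshold plus one, while for the "All versions" branches no build is above the range.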

Unaffected Products

Any other Aruba products not listed above, including other models of ArubaOS-Switches, ArubaOS-CX Switches, Aruba Intelligent Edge Switches and HPE OfficeConnect Switches are not affected by these vulnerabilities.

Details

Heap Overflow Vulnerabilities in RADIUS EAP Messages (CVE-2022-23676)

Multiple heap overflow vulnerabilities have been discovered in the ArubaOS-Switch firmware. Successful exploitation of these vulnerabilities could result in the ability to execute arbitrary code.

Exploitation of these vulnerabilities requires the interaction of an affected switch with an attacker-controlled source of RADIUS Access-Challenge messages. Because of this, exploitation would most likely occur as part of an attack chain building upon previous compromise of customer-controlled infrastructure.

Internal reference: APVOS-14
Severity: Critical
CVSSv3.1 Overall Score: 9.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Resolution:
- ArubaOS-Switch 15.16.xxxx: Version still pending. This advisory will be updated.
- ArubaOS-Switch 16.02.xxxx: K.16.02.0034 and above.
- ArubaOS-Switch 16.04.xxxx: Version still pending. This advisory will be updated.
- ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0025 and above.
- ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0020 and above.
- ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0020 and above.
- ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0004 and above.

Heap Overflow Vulnerabilities in Mocana Cryptographic Library (CVE-2022-23677)

Multiple heap overflow vulnerabilities related to the Mocana cryptographic library have been discovered in the ArubaOS-Switch firmware. Successful exploitation of these vulnerabilities could result in the ability to execute arbitrary code.

Exploitation of these vulnerabilities requires the interaction of an affected switch with an attacker-controlled source of RADIUS Access-Challenge messages. Because of this, exploitation would most likely occur as part of an attack chain building upon previous compromise of customer-controlled infrastructure.

Internal reference: APVOS-14
Severity: Critical
CVSSv3.1 Overall Score: 9.0
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Resolution:
The firmware versions that address the vulnerabilities related to CVE-2022-23677 are still pending. This advisory will be updated.

For more information, please visit the Aruba security bulletin and the NCSC Security Advice.