-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2015-004
CVE: CVE-2015-1388
Publication Date: 2015-03-18
Status: Confirmed, Fixed
Revision: 1

Title
=====

Aruba Remote Access Point (RAP) Command Injection

Overview
========

Aruba has identified a problem with the "RAP Console" feature used in Aruba access points operating in Remote AP mode.

Affected Products
=================

-- ArubaOS 5.x
-- ArubaOS 6.1.x
-- ArubaOS 6.2.x
-- ArubaOS 6.3 prior to 6.3.1.15
-- ArubaOS 6.4 prior to 6.4.2.4

Solution
========

Upgrade to one of the following software versions:

-- ArubaOS 6.3.1.15 or later
-- ArubaOS 6.4.2.4 or later

Note: ArubaOS 5.x, 6.1.x, and 6.2.x are no longer being actively developed, and security patches are produced by default only for high-severity issues. Customers who require patches for older versions should contact Aruba Technical Support to make that request.

Details
=======

This vulnerability allows a local user to execute commands on the RAP's underlying operating system with the privilege level of "root". Access to the "RAP console" is available only to RAPs configured in bridge mode or split-tunnel mode.

In order to protect customer networks, Aruba is providing no additional details in the initial advisory. In accordance with our vulnerability disclosure policy, Aruba will update this advisory in 60 days to provide full details of the vulnerability.

Workaround
==========

Access to the "RAP console" interface may be disabled through use of a firewall rule. See the ArubaOS User Guide section entitled "Configuring an ACL to Restrict Local Debug Homepage Access" for details. An example of this ACL follows:

    ip access-list session logon-control
      user localip svc-http deny
      user any permit

In the ACL above, the alias "localip" refers to the IP address of the RAP. When applied to user traffic, this ACL denies local users the ability to establish an HTTP session with the RAP.

Vulnerability Metrics
=====================

Vulnerability Class: Improper Neutralization of Special Elements used in an OS Command (CWE-78)
Severity: Low
CVSSv2 Overall Score: 3.0
CVSSv2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Discovery
=========

This issue was reported to Aruba's TAC by a customer.

Obtaining Fixed Software
========================

Aruba customers can obtain software updates on the support website:

http://support.arubanetworks.com

Aruba Support contacts are as follows:

+1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
+1-408-754-1200 (toll call from anywhere in the world)

The full contact list is at:
http://www.arubanetworks.com/support-services/support-program/contact-support/

e-mail: support(at)arubanetworks.com

Please do not contact "sirt(at)arubanetworks.com" for software upgrades.

Revision History
================

Revision 1.0 / 2015-Mar-18 / Initial release

Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba Networks products and on obtaining assistance with security incidents is available at:

http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to sirt(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at:

http://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2015 by Aruba Networks, Inc.

This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.
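To check a controller inventory against the Affected Products and Solution lists in this advisory, the following Python helper is an added example (not Aruba's code); the hostnames and versions in the sample inventory are constructed for illustration.

```python
"""Check ArubaOS versions against the affected/fixed list in ARUBA-PSA-2015-004."""
import re

# Fixed releases named in the advisory: a branch is fixed at or above these.
FIXED = {
    (6, 3): (6, 3, 1, 15),
    (6, 4): (6, 4, 2, 4),
}
# Branches the advisory lists as affected and no longer actively developed.
AFFECTED_NO_FIX = {(5,), (6, 1), (6, 2)}


def parse_version(text):
    """Parse a dotted ArubaOS version such as '6.4.2.3' into a tuple of ints."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"not a dotted version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(version_text):
    """Return (status, note); status is 'affected', 'fixed' or 'not listed'."""
    v = parse_version(version_text)
    if v[:1] in AFFECTED_NO_FIX or v[:2] in AFFECTED_NO_FIX:
        return "affected", "no fix in this branch; contact Aruba Technical Support"
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "not listed", "branch not named in the advisory"
    # Pad short strings so that '6.3' compares as older than '6.3.1.15'.
    padded = v + (0,) * (len(fixed) - len(v))
    fixed_text = ".".join(map(str, fixed))
    if padded < fixed:
        return "affected", f"upgrade to ArubaOS {fixed_text} or later"
    return "fixed", f"at or above ArubaOS {fixed_text}"


def affected_hosts(inventory):
    """Return the names of inventory entries (name, version) that are affected."""
    return [name for name, ver in inventory if assess(ver)[0] == "affected"]


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    ("ctrl-hq-1", "6.4.2.3"),
    ("ctrl-hq-2", "6.4.2.4"),
    ("ctrl-branch-1", "6.3.1.14"),
    ("ctrl-lab", "6.2.1.0"),
    ("ctrl-new", "6.5.0.0"),
]

if __name__ == "__main__":
    for name, ver in SAMPLE_INVENTORY:
        print(name, ver, *assess(ver))
```

A "not listed" result only means the branch is not named in this advisory; it should be checked against later Aruba bulletins rather than treated as clean.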