-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2015-004
CVE: CVE-2015-1388
Publication Date: 2015-03-18
Status: Confirmed, Fixed
Revision: 1



Title
=====
Aruba Remote Access Point (RAP) Command Injection
 

Overview
========

Aruba has identified a problem with the "RAP Console" feature used in 
Aruba access points operating in Remote AP mode.  


Affected Products
=================

 -- ArubaOS 5.x
 -- ArubaOS 6.1.x
 -- ArubaOS 6.2.x
 -- ArubaOS 6.3 prior to 6.3.1.15
 -- ArubaOS 6.4 prior to 6.4.2.4


Solution
========

Upgrade to one of the following software versions:
  -- ArubaOS 6.3.1.15 or later
  -- ArubaOS 6.4.2.4 or later

Note: ArubaOS 5.x, 6.1.x, and 6.2.x are no longer being actively developed, and
security patches are produced by default only for high-severity issues.
Customers who require patches for older versions should contact Aruba Technical Support
to make that request.


Details
=======

This vulnerability allows a local user to execute commands on the RAP's 
underlying operating system with the privilege level of "root".  Access
to the "RAP console" is available only to RAPs configured in bridge mode
or split-tunnel mode.

In order to protect customer networks, Aruba is providing no additional 
details in the initial advisory.  In accordance with our vulnerability
disclosure policy, Aruba will update this advisory in 60 days to provide
full details of the vulnerability.


Workaround
==========

Access to the "RAP console" interface may be disabled through use of a 
firewall rule.  See the ArubaOS User Guide section entitled, 
"Configuring an ACL to Restrict Local Debug Homepage Access" for details.
An example of this ACL follows:

 ip access-list session logon-control
   user localip svc-http deny
   user any permit

In the ACL above, the alias "localip" refers to the IP address of the RAP.
When applied to user traffic, this ACL would deny local users the ability
to establish an HTTP session with the RAP.


Vulnerability Metrics
=====================

Vulnerability Class: Improper Neutralization of Special Elements used in an OS Command (CWE-78)
Severity: Low
CVSSv2 Overall Score: 3.0
CVSSv2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:N)


Discovery
=========

This issue was reported to Aruba's TAC by a customer.


Obtaining Fixed Software
========================

Aruba customers can obtain software updates on the support website:
	http://support.arubanetworks.com


Aruba Support contacts are as follows:

	+1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
	
	+1-408-754-1200 (toll call from anywhere in the world)

	The full contact list is at:
	http://www.arubanetworks.com/support-services/support-program/contact-support/

	e-mail: support(at)arubanetworks.com

Please do not contact "sirt(at)arubanetworks.com" for software upgrades.


Revision History
================

      Revision 1.0 / 2015-Mar-18 / Initial release


Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba Networks
products, obtaining assistance with security incidents is available at:

http://www.arubanetworks.com/support-services/security-bulletins/
   
  
For reporting *NEW* Aruba Networks security issues, email can be sent to
sirt(at)arubanetworks.com. For sensitive information we encourage the use of 
PGP encryption. Our public keys can be found at:

http://www.arubanetworks.com/support-services/security-bulletins/


(c) Copyright 2015 by Aruba Networks, Inc.
This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJVA398AAoJEJj+CcpFhYbZlG4H/iHP+/sFBH/MDD1LlzbzLrfx
O2bt+IXOILXPcEbrMt0b+aGlIOk6WnA9ScB4p6d4hhBC52Fch/2rvgGIFwHxtR0+
euNoI1qowlbajF/kmiXPIE7WS+FhihDry9wIwEFHCgfogPtZIVmuUP0wgaAqk2hp
aqjWjqLCcO5hMWvLJjXchzs5WBkUGHQX4Oi9t9AOVRxsp3tj+r9xSy8tyrOEDPVI
AO5fTHHgL5E9r8b+1ub7Zd9YiPnk7VVB+iejTot03z2WsH3UVwTpKlf2ZpLoXsXu
LNhrS0+DJLSvh8UtOV8OBlI87pxzXiWIZRWDipTahPBOA7gwfWSsxQf3yayZrEc=
=VzGR
-----END PGP SIGNATURE-----