-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2015-011
CVE: CVE-2015-5437 
Publication Date: 2015-Nov-30
Status: Confirmed
Revision: 1


Title
=====
ArubaOS Multiple Vulnerabilities
 

Overview
========
This advisory covers three vulnerabilities in ArubaOS:
 - Reflected Cross-Site Scripting
 - Cross-Site Request Forgery
 - Crafted frame causes AP-225 reboot


Affected Products
=================

 -- ArubaOS 6.3 up to, but not including, 6.3.1.19
 -- ArubaOS 6.4 up to, but not including, 6.4.2.13 and 6.4.3.4


Details
=======

  Reflected Cross-Site Scripting
  ------------------------------
  A reflected cross-site scripting vulnerability is present in the a monitoring page in the WebUI.  If an 
  administrator were tricked into clicking on a malicious URL while logged into an Aruba controller's
  management interface, this vulnerability could potentially reveal a session cookie.

  Severity: Low
  CVSSv2 Overall Score: 3.6
  CVSSv2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N)

  Discovery: This vulnerability was posted to a public website.  The author did not practice responsible
  disclosure by coordinating with Aruba Networks.  Aruba does not provide public acknowledgement for
  irresponsible vulnerability disclosure.


  Cross-Site Request Forgery  (CVE-2015-5437)
  -------------------------------------------
  Most configuration-related pages in the ArubaOS management UI are protected against cross-site request
  forgery (CSRF) through the use of a unique, random token.  It was found that certain operations which
  could reveal sensitive information, such as the controller configuration file, were not protected
  against CSRF.  If an administrator were tricked into clicking on a malicious URL while logged into an
  Aruba controller's management interface, this vulnerability could leak sensitive information to an
  attacker.

  Severity: Low
  CVSSv2 Overall Score: 3.6
  CVSSv2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N)

  Discovery: This vulnerability was posted to a public website.  The author did not practice responsible
  disclosure by coordinating with Aruba Networks.  Aruba does not provide public acknowledgement for
  irresponsible vulnerability disclosure.


  Crafted Frame Causes AP-225 Reboot
  ----------------------------------
  Sending a specific malformed wireless frame to an AP-225 may cause the AP to reboot. Aruba inadvertently
  documented this in ArubaOS release notes before a security advisory could be issued. We regret the
  error and have taken steps to prevent future accidental disclosures of availability threats.

  Severity: Medium
  CVSSv2 Overall Score: 4.3
  CVSSv2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

  Discovery: This issue was discovered through a customer TAC case.


Workarounds
===========
 -- While actively managing an Aruba controller through the WebUI, be cautious about clicking on links in
    emails or on questionable web pages.
 -- Using separate browsers to access the Aruba WebUI and other websites will mitigate XSS and CSRF issues.


Resolution
==========
The vulnerabilities have been addressed in the following versions:

 -- ArubaOS 6.3.1.19
 -- ArubaOS 6.4.2.13
 -- ArubaOS 6.4.3.4
 -- ArubaOS 6.4.4.0


Obtaining Fixed Software
========================

Aruba customers can obtain software updates on the support website:
	http://support.arubanetworks.com


Aruba Support contacts are as follows:

	+1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
	
	+1-408-754-1200 (toll call from anywhere in the world)

	The full contact list is at:
	http://www.arubanetworks.com/support-services/support-program/contact-support/

	e-mail: support(at)arubanetworks.com

Please do not contact "sirt(at)arubanetworks.com" for software upgrades.


Revision History
================

      Revision 1.0 / 2015-Nov-30 / Initial release


Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba Networks
products, obtaining assistance with security incidents is available at:

http://www.arubanetworks.com/support-services/security-bulletins/
   
  
For reporting *NEW* Aruba Networks security issues, email can be sent to
sirt(at)arubanetworks.com. For sensitive information we encourage the use of 
PGP encryption. Our public keys can be found at:

http://www.arubanetworks.com/support-services/security-bulletins/


(c) Copyright 2015 by Aruba, a Hewlett Packard Enterprise company
This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWW3TGAAoJEJj+CcpFhYbZKvcH/26cN2N6z7g2yO69w/fAN8mo
9BZaw65Qf/gzLUU24bMNUUIBoDNC5rNzZg+9WDWfqtY3C1Fr8zj+tfqYBEqjhDKG
FNewTb7rYC7jGUCuj1IYTUzLi4hsNzjlYZ2u00oEX77wqFoUrienQ/CzXGI2shLe
Lk+hUg008IoSX5PHmAeDY0fS9nZqQiL1ceXDyrRiLwKvg+hjc/UB2AHcMHsWAXA7
Vgy0ZZ1/9TgWnPwUQuktEFxPFiWYLuw4g3xyEYyrohwYdG0T8j1CVfXwFkpQD05I
nm2KD1DoQoB4FRHyCNoMQjO/gpvf/BD3wToM9yV4NUrGHt+g3OD934rWatC7ZEE=
=KAL1
-----END PGP SIGNATURE-----