-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2020-007
CVE: CVE-2019-5320, CVE-2019-5321
Publication Date: 2020-Aug-25
Status: Confirmed
Revision: 1

Title
=====
Multiple vulnerabilities in Web Management Interface for Aruba Intelligent Edge Switches

Overview
========
Two vulnerabilities in the Aruba Intelligent Edge Switches web management interface have been found. Successful exploitation of these vulnerabilities could result in unauthorized administrative access to the switch.

Affected Products
=================
These vulnerabilities affect the following Aruba Intelligent Edge Switches:

  5400R
  3810
  2920
  2930
  2530 with GigT Port
  2530 10/100 port
  2540

The following firmware versions for the aforementioned products are affected:

  16.08.* before 16.08.0009
  16.09.* before 16.09.0007
  16.10.* before 16.10.0003

Details
=======

Remote Unauthorized Access in the WebUI (CVE-2019-5321)
---------------------------------------------------------------------
There is a vulnerability in the Web Management Interface that allows an attacker to gain administrative access to the switch. This attack can only occur if a switch administrator is already logged into the switch Web Management Interface and is convinced by an attacker to click on a specially crafted URL.

Internal reference: ATLCP-87
Severity: High
CVSSv3 Overall Score: 8.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Cross-Site Scripting (XSS) in the WebUI (CVE-2019-5320)
---------------------------------------------------------------------
There is a vulnerability in the Web Management Interface that allows an attacker to inject JavaScript code by sending a crafted URL to the administrator user of the switch. This attack can only occur if a switch administrator is already logged into the switch Web Management Interface and is convinced by an attacker to click on the specially crafted URL.

Internal reference: ATLCP-87
Severity: Medium
CVSSv3 Overall Score: 4.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Resolution
==========
These vulnerabilities are resolved by updating to the following firmware versions:

  - 16.08.0014
  - 16.09.0012
  - 16.10.0009

Discovery
=========
Aruba would like to thank the following researchers for discovering and reporting these vulnerabilities: David Cámara Galindo and Andrés Elizalde Galdeano

Workarounds
===========
The vulnerabilities listed above are exploited through network traffic directed to the Web Management Interface (WebUI) of the switch itself; therefore, the following workaround is recommended:

  - If updating to the latest version is not possible, disable web management where possible. If you need assistance disabling web management, contact Aruba support.

Exploitation and Public Discussion
==================================
Aruba is not aware of any public discussion or exploit code related to this issue.

Revision History
================
Revision 1 / 2020-Aug-25 / Initial Release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks products and on obtaining assistance with security incidents is available at:
http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at:
http://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2020 by Aruba, a Hewlett Packard Enterprise company.
This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.
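The following script is an added example for readers triaging a switch estate against this advisory; it is not part of the Aruba advisory and not Aruba's code. It checks a firmware version string against the "Affected Products" ranges and the "Resolution" versions listed above. Two points it handles that a quick eyeball check tends to miss: versions are compared as integer tuples rather than strings, and a build that sits between the "before" threshold (for example 16.08.0009) and the named fixed release (16.08.0014) is reported as "unknown" rather than as safe, because the advisory gives different numbers for the two. Accepting an optional image prefix such as "WC." in front of the dotted version is an assumption about switch version strings, not something the advisory states.

```python
"""Check ArubaOS-Switch firmware versions against ARUBA-PSA-2020-007.

Added example, not part of the advisory.  Thresholds below are copied from
the advisory's "Affected Products" and "Resolution" sections.
"""
from __future__ import annotations

import re

# Keyed by release branch (major, minor).  "affected_before" is the
# "16.xx.* before ..." value; "fixed" is the release named in Resolution.
ADVISORY = {
    (16, 8):  {"affected_before": (16, 8, 9),  "fixed": (16, 8, 14)},
    (16, 9):  {"affected_before": (16, 9, 7),  "fixed": (16, 9, 12)},
    (16, 10): {"affected_before": (16, 10, 3), "fixed": (16, 10, 9)},
}

# Matches the trailing dotted triple, e.g. "16.08.0009".  An image prefix
# before it (e.g. "WC.16.08.0009") is tolerated; that prefix format is an
# assumption about switch output, not something the advisory describes.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Return (major, minor, build) as ints so 16.10.x sorts after 16.8.x.

    Integers are used deliberately: string comparison would put
    "16.10.0003" before "16.8.0009".
    """
    m = _VERSION_RE.search(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    return tuple(int(part) for part in m.groups())  # type: ignore[return-value]


def assess(version: str) -> str:
    """Classify one version string.

    Returns one of:
      "affected"   - below the advisory's "before" threshold for its branch
      "fixed"      - at or above the Resolution release for its branch
      "unknown"    - between the two numbers; the advisory is inconsistent
                     here, so do not treat it as safe without confirmation
      "not-listed" - branch not named in the advisory at all
    """
    major, minor, build = parse_version(version)
    entry = ADVISORY.get((major, minor))
    if entry is None:
        return "not-listed"
    v = (major, minor, build)
    if v < entry["affected_before"]:
        return "affected"
    if v >= entry["fixed"]:
        return "fixed"
    return "unknown"


def assess_inventory(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "core-5400r-1": "KB.16.08.0008",
    "dist-3810-2":  "16.09.0012",
    "edge-2930-7":  "WC.16.10.0005",
    "lab-2530-1":   "YA.16.07.0010",
}

if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14} {SAMPLE_INVENTORY[host]:16} {status}")
```

Feed the script the version strings from your own inventory; anything reported as "unknown" or "not-listed" should be resolved against the vendor's current release notes rather than assumed clean.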
-----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAl89laMACgkQmP4JykWF htnTKAf9F8jm/E6gT+ad81ZI3NFQc3e4+nmsqN2Q/gfxKvop9ZiVtxRCVaDBJZdX nT0LMoTvmRk8AX5e1MTyBm14uJIUrfRzlJRjnRX7j1shyKM5svqbVpwjm6oQLZME ODjS5kvVzdwhQ8HBVRIvmKPAJWkq7WvNbiU2LnkJhuNTNPy09Tj2RX3V6Ql2Egr4 wCAjTMWn3omAmhNT6a7Bw+OZStACe5iKbPjToSckV0ubA/AdjK1HBj3d4d99OLxL Bfg+xLolbBvjFpcLgZCOGpB5rb6zEVX8YJuJw2IqB0troCWBAt4NOqUrtt6b61/Y 26qRQUy7eAm77dhxEb31xHQ3KQEUNg== =XpKl -----END PGP SIGNATURE-----