Aruba Product Security Advisory
===============================
Advisory ID: ARUBA-PSA-2020-009
CVE: CVE-2020-7121, CVE-2020-7122
Publication Date: 2020-Sep-15
Status: Confirmed
Revision: 3

Title
=====
Multiple Memory Corruption Vulnerabilities for Aruba CX Switches

Overview
========
Four memory corruption vulnerabilities in the Aruba CX Switches have been
found. Successful exploitation of these vulnerabilities could result in Local
Denial of Service of both LLDP (Link Layer Discovery Protocol) and CDP (Cisco
Discovery Protocol) processes in the switch.

Affected Products
=================
The following Aruba CX Switches and versions are affected:

    8400 Series
    8325 Series
    8320 Series
    6400 Series
    6300 Series
    6200 Series

    Version 10.04.3030 and below for CVE-2020-7121
    Version 10.04.1000 and below for CVE-2020-7122

Any other Aruba products not listed above, including Aruba Intelligent Edge
Switches and HPE OfficeConnect Switches, are not affected by these
vulnerabilities.

Details
=======

Memory Corruption in the LLDP process (CVE-2020-7121)
---------------------------------------------------------------------
Two memory corruption vulnerabilities exist in ArubaOS-CX Link Layer
Discovery Protocol (LLDP) implementation. These vulnerabilities can only be
exploited by specially crafted LLDP packets. Although these usually result in
a Denial of Service condition via crashing the LLDP process, under certain
circumstances Remote Code Execution (RCE) can be achieved. Also, the attacker
needs to be on the same Layer 2 segment as the switch.

Internal reference: ATLAX-17
Severity: High
CVSSv3 Overall Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Resolution: Fixed in 10.04.3031, 10.05.0001 and above

Memory Corruption in the CDP process (CVE-2020-7122)
---------------------------------------------------------------------
Two memory corruption vulnerabilities exist in ArubaOS-CX Cisco Discovery
Protocol (CDP) implementation. These vulnerabilities can only be exploited by
specially crafted CDP packets. Although these usually result in a Denial of
Service condition via crashing the CDP process, under certain circumstances
Remote Code Execution (RCE) can be achieved. Also, the attacker needs to be on
the same Layer 2 segment as the switch.

Internal reference: ATLAX-16
Severity: High
CVSSv3 Overall Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Resolution: Fixed in 10.04.2000 and above

Discovery
=========
These vulnerabilities were discovered by Nicholas Starke from Aruba Threat
Labs.

Resolution
==========
Aruba recommends upgrading the CX switches to version 10.04.3031, 10.05.0001
and above. Target release date for 10.04.3031 is Nov-13-2020.

Workarounds
===========
If updating to the recommended versions is not possible, disable LLDP and/or
CDP where possible. If you need assistance disabling CDP and LLDP, contact
Aruba support.

Exploitation and Public Discussion
==================================
Aruba is not aware of any public discussion or exploit code related to this
issue.
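
Added example, not part of Aruba's advisory: a Python check that classifies a switch's reported firmware version against the affected and fixed versions stated in the Affected Products and Details sections. The inventory entries, the function names and the optional two-letter platform prefix on version strings are assumptions; a version the advisory places in neither range is reported as "unstated" rather than guessed.

```python
import re

AFFECTED_SERIES = {"8400", "8325", "8320", "6400", "6300", "6200"}

# Per CVE: highest affected version, then fixed ranges (first fixed, exclusive upper bound).
# Treating "Fixed in 10.04.3031, 10.05.0001 and above" as one floor per release
# branch is an interpretation of the advisory text.
RANGES = {
    "CVE-2020-7121": ((10, 4, 3030), [((10, 4, 3031), (10, 5, 0)), ((10, 5, 1), None)]),
    "CVE-2020-7122": ((10, 4, 1000), [((10, 4, 2000), None)]),
}

def parse_version(text):
    """Parse '10.04.3030'; a leading two-letter platform prefix is assumed and ignored."""
    m = re.fullmatch(r"(?:[A-Za-z]{2}\.)?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def classify(series, version_text):
    """Return {cve: 'affected' | 'fixed' | 'unstated'}; {} if the series is not listed."""
    if series not in AFFECTED_SERIES:
        return {}
    v = parse_version(version_text)
    result = {}
    for cve, (max_affected, fixed_ranges) in RANGES.items():
        if v <= max_affected:
            result[cve] = "affected"
        elif any(lo <= v and (hi is None or v < hi) for lo, hi in fixed_ranges):
            result[cve] = "fixed"
        else:
            result[cve] = "unstated"  # the advisory gives no verdict for this version
    return result

# Constructed inventory: hostnames and versions are made up for the example.
INVENTORY = [
    ("core-1", "8400", "10.04.3030"),
    ("agg-1", "8325", "10.04.1500"),
    ("edge-1", "6300", "10.05.0001"),
    ("edge-2", "6200", "10.05.0000"),
]

def report(inventory):
    return {host: classify(series, ver) for host, series, ver in inventory}

if __name__ == "__main__":
    for host, verdicts in report(INVENTORY).items():
        print(host, verdicts)
```

Switches that come back "affected" and cannot be upgraded are the candidates for the workaround above, and "unstated" results are the ones to confirm with Aruba support.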

Revision History
================
Revision 1 / 2020-Sep-15 / Initial Release
Revision 2 / 2020-Oct-20 / Updated Resolution for CVE-2020-7121
Revision 3 / 2020-Oct-27 / Updated Affected version for CVE-2020-7121

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks
products and obtaining assistance with security incidents is available at:

    http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to
aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP
encryption. Our public keys can be found at:

    http://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2020 by Aruba, a Hewlett Packard Enterprise company.
This advisory may be redistributed freely after the release date given at the
top of the text, provided that the redistributed copies are complete and
unmodified, including all data and version information.