-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2020-010
CVE: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Publication Date: 2020-Sep-15
Last Updated: 2020-Oct-23
Status: Confirmed
Revision: 2

Title
=====

TCP SACK PANIC - Kernel vulnerabilities

Overview
========

Aruba has released updates to products affected by the Linux kernel
vulnerabilities known as TCP SACK PANIC. Successful exploitation of the
most severe of these vulnerabilities could allow a remote attacker to
trigger a kernel panic and affect system availability. (*)

Affected Products
=================

-- AirWave Management Platform version 8.2.9.1 and below
-- Aruba Instant (IAP) versions 6.5.4.16 and below, 8.3.0.12 and below,
   8.4.0.6 and below, 8.5.0.6 and below
-- Controllers and Gateways running the following versions
   -- ArubaOS 6.4.4.24 and below, 6.5.4.17 and below, 8.2.2.8 and below,
      8.3.0.12 and below, 8.4.0.6 and below, 8.5.0.9 and below
   -- x86 Mobility Master 8.3.0.14 and below, 8.5.0.11 and below,
      8.6.0.6 and below, 8.7.1.0 and below
-- Aruba SD-WAN 8.1.0.0-1.0.4.x, 8.4.0.0-1.0.6.x, 8.5.0.0-1.0.7.x,
   8.5.0.0-2.0.0.0
-- ArubaOS-CX switches version 10.2.0060 and below
-- ClearPass Policy Manager versions 6.7.12 and below, 6.8.3 and below

Other Aruba products not listed above are not affected by any of these
vulnerabilities.

Details
=======

Three related flaws were found in the Linux kernel's handling of TCP
networking, all reachable by a remote peer through the kernel's
processing of TCP Selective Acknowledgement (SACK) options. Per the
public CVE descriptions, CVE-2019-11477 is an integer overflow that can
lead to a kernel panic; CVE-2019-11478 and CVE-2019-11479 are resource
exhaustion issues involving SACK processing and very small MSS values.
More information about each of the vulnerabilities can be found under
the CVEs listed above.

(*) Aruba has attempted to exploit these vulnerabilities and to cause
denial-of-service conditions in its products, without success. Even
though all three CVEs carry a CVSS:3.0 base score of 7.5 (High), Aruba
is treating them as Low Severity.
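The script below is an added example for readers of this advisory; it is not
Aruba's code and ships with no Aruba product. It transcribes the "and below"
thresholds from the Affected Products list and the "and above" releases from
the Resolution section for three product lines (ArubaOS controllers and
gateways, ArubaOS-CX, ClearPass) and reports whether a given build is
affected, fixed, or simply not listed. One assumption is built in: versions
are compared within a release train, where the train is every component of
the version except the last (build) one, because Aruba maintains trains such
as 6.5.4.x and 8.5.0.x in parallel. A build on an unlisted train is reported
as "not listed" unless it is older than everything in the advisory, which the
"and below" wording covers. The sample versions in the demo are constructed.

```python
"""Check an Aruba build against ARUBA-PSA-2020-010 (TCP SACK PANIC).

Added example, not Aruba's code. Thresholds are transcribed from the
advisory; the branch-local comparison is an assumption (see lead-in).
"""
from __future__ import annotations

# "X and below" entries per product line, transcribed from Affected Products.
AFFECTED = {
    "ArubaOS": ["6.4.4.24", "6.5.4.17", "8.2.2.8", "8.3.0.12", "8.4.0.6", "8.5.0.9"],
    "ArubaOS-CX": ["10.2.0060"],
    "ClearPass": ["6.7.12", "6.8.3"],
}

# "X and above" entries per product line, transcribed from Resolution.
FIXED = {
    "ArubaOS": ["6.4.4.25", "6.5.4.18", "8.3.0.13", "8.5.0.10"],
    "ArubaOS-CX": ["10.3.0001"],
    "ClearPass": ["6.7.13", "6.8.4", "6.9.0"],
}


def parse(version: str) -> tuple[int, ...]:
    """Turn '10.2.0060' into (10, 2, 60) so that tuples compare numerically."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def train(v: tuple[int, ...]) -> tuple[int, ...]:
    """Release train = every component except the last (build) component.

    Assumption: Aruba trains (6.5.4.x, 8.5.0.x, 10.2.x, ...) are patched
    independently, so thresholds only apply within the same train.
    """
    return v[:-1]


def assess(product: str, version: str) -> tuple[str, str | None]:
    """Return (status, fix) where status is 'fixed', 'affected' or 'not listed'.

    fix is the first fixed build on the same train when the advisory lists
    one; None means no fix on that train is listed (move to a later train).
    """
    if product not in AFFECTED:
        raise KeyError(f"product {product!r} is not in the transcribed table")
    v = parse(version)
    t = train(v)
    # Keep the original string so the fix is reported as printed ("10.3.0001").
    fixed = {train(parse(f)): (parse(f), f) for f in FIXED[product]}
    affected = {train(parse(a)): parse(a) for a in AFFECTED[product]}

    # 1. Same train as a fixed release and at or past it: fixed.
    if t in fixed and v >= fixed[t][0]:
        return "fixed", None
    # 2. Same train as an "and below" threshold and at or below it: affected.
    if t in affected and v <= affected[t]:
        return "affected", fixed[t][1] if t in fixed else None
    # 3. Unlisted train, but older than every listed build: "and below".
    if v < min(affected.values()):
        return "affected", None
    # 4. Newer train or a build the advisory does not mention.
    return "not listed", None


def report(product: str, version: str) -> str:
    """Human-readable one-liner for an inventory script."""
    status, fix = assess(product, version)
    if status == "affected":
        target = f"upgrade to {fix} or later" if fix else "no fix on this train; move to a fixed train"
        return f"{product} {version}: AFFECTED ({target})"
    return f"{product} {version}: {status.upper()}"


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for prod, ver in [("ArubaOS", "6.4.4.24"), ("ArubaOS", "8.2.2.8"),
                      ("ArubaOS-CX", "10.1.0080"), ("ClearPass", "6.9.1")]:
        print(report(prod, ver))
```

Note that "not listed" is not "safe": it only means the advisory says
nothing about that build, which for a newer train is expected and for an odd
build should be taken to the vendor.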
As a proactive measure, Aruba has been updating the Linux kernel in all
products that might be affected, and upgrading to the patched versions is
recommended when they become available.

Resolution
==========

These vulnerabilities are fixed in the following patch releases:

-- AirWave Management Platform 8.2.10 and above
-- Aruba Instant (IAP) 6.5.4.17, 8.3.0.13, 8.5.0.7, 8.6.0.0, 8.7.0.0 and above
-- Controllers and Gateways running the following versions
   -- ArubaOS 6.4.4.25 (target date 03/12/2021), 6.5.4.18, 8.3.0.13,
      8.5.0.10 and above
   -- x86 Mobility Master 8.3.0.15 (target date 01/22/2021),
      8.5.0.12 (target date 01/15/2021), 8.6.0.7 (target date 12/11/2020),
      8.7.1.1 (target date 12/15/2020), 8.8.0.0 (target date 01/19/2021)
      and above
-- Aruba SD-WAN 8.5.0.0-2.1.0.0, 8.6.0.0-2.2.0.0 and above
-- ArubaOS-CX switches 10.3.0001 and above
-- ClearPass Policy Manager 6.7.13, 6.8.4, 6.9.0 and above

Discovery
=========

These vulnerabilities were discovered by researcher Jonathan Looney.

Workarounds
===========

None.

Exploitation and Public Discussion
==================================

Aruba is not aware of any public discussion or exploit code related to
this issue.

Revision History
================

Revision 1 / 2020-Sep-15 / Initial Release
Revision 2 / 2020-Oct-23 / Updated Affected & Resolution Versions

Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba
Networks products and on obtaining assistance with security incidents is
available at:

http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to
aruba-sirt(at)hpe.com. For sensitive information we encourage the use of
PGP encryption. Our public keys can be found at:

http://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2020 by Aruba, a Hewlett Packard Enterprise company.
This advisory may be redistributed freely after the release date given at
the top of the text, provided that the redistributed copies are complete
and unmodified, including all data and version information.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE7HSZiT3iMFF7nMlwT9kZlgPfSYQFAl+QNWoACgkQT9kZlgPf
SYSg0g/+P6ZDiqRK1WebN1HOzlFU+arWc5yZG0D5rSHFhysOhLqdIE1WPteHgo58
T4wzWTWUW3FvNwDAs2lFrQzGFcLCyjocY/2ph1NdXC5vQNlmQcuxO0vnrHgdSdIF
gfjFqQpjo1pOa+Mv2fiM8QfdSCtLtNQrmQg/ZbFgbHc3MwZBKxs20eTYq2p57EwU
Z6fcsHO/r+1Ez4cHmgK4zB2BtFajiNEHFQXUmoCOXrCD249TA6V/6mWExLPU1Ytn
CFSexVZDNzUN/LYcDtLEw8llZmdYfkeYAjkENCmMwccRG/xgK1GxvA3fDMkmKzZq
UddBwXqo+1Nk3VrBsEQsaEi5oHUE1k4rWlicK5yJm+grEAiI327F4uFxhU8zO9i0
1s/cZfx2MLLVdycUbn+wzbOZMiD3nw+HX2YIH8vZ7FpsZhiONNIobPXew+UUT885
LiirpatuRl8ErgTCpzeEpJ4LwB7aUML+itR2d++pAUIlj5XvBKqGtnWPnqK97a0M
LyFfyElztUzX8H8s3wvLJ0hFQ9g+uEMnkHWMQHTEd/b/D8kRQ0QxqPa28BFHbVTx
WEa3JHKjednCzZA/NwoUfAoJfqGPqY+bjYAZDmiJJyRQio4wizQslBzd77kM5qYB
HbnyoWhlSWu3NHONB9ybIyLVKV4YAJRNnnIpVOwe+yvvuMOa3Eg=
=X4sT
-----END PGP SIGNATURE-----