-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Aruba Product Security Advisory
==================================
Advisory ID: ARUBA-PSA-2021-001
CVE: CVE-2020-24638, CVE-2020-24639, CVE-2020-24640, CVE-2020-24641
Publication Date: 2021-Jan-12
Status: Confirmed
Revision: 1

Title
=====
AirWave Glass Multiple Vulnerabilities

Overview
========
Aruba has released updates to AirWave Glass that address multiple
security vulnerabilities.

Affected Products
=================
AirWave Glass 1.3.2 and below

Details
=======

Remote Authentication Bypass via Unauthenticated Server-Side Request
Forgery (CVE-2020-24641)
---------------------------------------------------------------------
There is a Server-Side Request Forgery vulnerability reachable through
an unauthenticated endpoint. If successfully exploited, it results in
disclosure of sensitive information, which can be used to bypass
authentication and ultimately gain administrative access to the web
administrative interface.

Internal references: ATLAW-63, ATLAW-80, ATLAW-155
Severity: Critical
CVSSv3 Overall Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Discovery: These vulnerabilities were discovered and reported by
Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program

Resolution: Fixed in Glass 1.3.3 and above

Unauthenticated Arbitrary Command Execution in Web Administrative
Interface (CVE-2020-24640)
---------------------------------------------------------------------
There is a vulnerability caused by insufficient input validation that
allows arbitrary command execution in a containerized environment
within AirWave Glass. Successful exploitation can lead to complete
compromise of the underlying host operating system.

Internal references: ATLAW-59, ATLAW-105, ATLAW-153
Severity: Critical
CVSSv3 Overall Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Discovery: These vulnerabilities were discovered and reported by
Daniel Jensen (@dozernz) and Erik de Jong (bugcrowd.com/erikdejong)
via Aruba's Bug Bounty Program

Resolution: Fixed in Glass 1.3.3 and above

Unauthenticated Arbitrary Code Execution in Web Administrative
Interface (CVE-2020-24639)
---------------------------------------------------------------------
There is a vulnerability caused by unsafe Java deserialization that
allows arbitrary command execution in a containerized environment
within AirWave Glass. Successful exploitation can lead to complete
compromise of the underlying host operating system.

Internal references: ATLAW-67, ATLAW-121, ATLAW-152
Severity: Critical
CVSSv3 Overall Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Discovery: These vulnerabilities were discovered and reported by
Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program

Resolution: Fixed in Glass 1.3.3 and above

Multiple Authenticated Command Injections via glassadmin cli
(CVE-2020-24638)
---------------------------------------------------------------------
Multiple authenticated remote command executions are possible in
AirWave Glass via the glassadmin cli. These allow a user with
glassadmin privileges to execute arbitrary code as root on the
underlying host operating system.

Internal references: ATLAW-100, ATLAW-101, ATLAW-109, ATLAW-111
Severity: High
CVSSv3 Overall Score: 7.2
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Discovery: These vulnerabilities were discovered and reported by
Erik de Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program

Resolution: Fixed in Glass 1.3.3 and above

Resolution
==========
Upgrade AirWave Glass to 1.3.3 and above.

Workaround
==========
To minimize the likelihood of an attacker exploiting these
vulnerabilities, Aruba recommends that the cli and web management
interfaces for AirWave Glass be restricted to a dedicated layer 2
segment/VLAN and/or controlled by firewall policies at layer 3 and
above.

Revision History
================
Revision 1 / 2021-Jan-12 / Initial release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba
Networks products and obtaining assistance with security incidents is
available at:

http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent
to aruba-sirt(at)hpe.com. For sensitive information we encourage the
use of PGP encryption. Our public keys can be found at:

http://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2021 by Aruba, a Hewlett Packard Enterprise company.

This advisory may be redistributed freely after the release date given
at the top of the text, provided that the redistributed copies are
complete and unmodified, including all data and version information.
-----BEGIN PGP SIGNATURE----- iQFLBAEBCgA1FiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAl/zemMXHHNpcnRAYXJ1 YmFuZXR3b3Jrcy5jb20ACgkQmP4JykWFhtlzKQf9HoyYUK5+xALxKxvXJYHng82R 82iZsE+vgC3FH8keZYr3PognayUK4g1NJcmDJnWDFASwdkL/FTlP9GRS2BrYx05I lgIXvngCsHs/GlP3768oWrVtyL8n6MP6g/A1mgWHvwljt83nmn3nhSuYILXhCHKE tCsDnYVOF5aPXecvzDkVUfAr4b2zXkrAAhLK+foz27WEnYtk0BlTZIKFBWYavWHA zSGWBMR5M5o5RpPwHR4QnFC37YNt4MPJ8edr1vp/oj0BqDi+s27xovYSO59XFJgt Zj46XgNOVSuamVB+Gxcou8fTAaddTab4SGvWoBRIFA89shT1JJPwSm/YHlzjpQ== =QhrW -----END PGP SIGNATURE-----