Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2021-015
CVE: CVE-2021-3156, CVE-2021-37715
Publication Date: 2021-AUG-17
Status: Confirmed
Severity: High
Revision: 1

Title
=====

AirWave Management Platform Multiple Vulnerabilities

Overview
========

Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.

Affected Products
=================

AirWave Management Platform prior to 8.2.13.0

Details
=======

Sudo Privilege Escalation Vulnerability aka "Baron Samedit" (CVE-2021-3156)
---------------------------------------------------------------------

A vulnerability in the command line parameter parsing code of sudo could allow an attacker with access to sudo to execute commands or binaries with root privileges. The main impact of this vulnerability would be as part of a "chained attack" where an attacker has achieved a foothold with lower privileges via another vulnerability and then uses this to escalate privileges.

Internal references: ATLAW-178
Severity: High
CVSSv3 Overall Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Discovery: This vulnerability was discovered by the Qualys research team.

Stored Cross Site Scripting Vulnerability (XSS) in AirWave Web-Based Management Interface (CVE-2021-37715)
---------------------------------------------------------------------

A vulnerability within the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
Internal references: ATLAW-168
Severity: Medium
CVSSv3 Overall Score: 5.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Discovery: This vulnerability was discovered and reported by Nymous (@nymous) via Aruba's Bug Bounty Program.

Resolution
==========

Upgrade AirWave Management Platform to 8.2.13.0 and above.

Workaround
==========

To minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the CLI and web-based management interfaces for AirWave be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.

Exploitation and Public Discussion
==================================

Aruba is not aware of any exploitation tools or techniques that specifically target Aruba products.

Revision History
================

Revision 1 / 2021-AUG-17 / Initial release

Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba Networks products and on obtaining assistance with security incidents is available at:
http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at:
http://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2021 by Aruba, a Hewlett Packard Enterprise company.

This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.