-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2022-005
CVE: CVE-2021-41004, CVE-2021-41005
Publication Date: 2022-Apr-05
Status: Confirmed
Severity: High
Revision: 1

Title
=====
Aruba Instant On Switch Denial of Service Vulnerabilities

Overview
========
Aruba has discovered two Denial of Service vulnerabilities in Aruba Instant
On 1930 Switches. CVE-2021-41005 requires authentication to be exploited and
CVE-2021-41004 can be exploited without supplying any authentication
information.

Affected Products
=================
-- Aruba Instant On 1930 switches firmware versions 1.0.7.0 and below when
   managed through the local web interface.

Unaffected Products
===================
-- All other Aruba Switches and all Aruba Access Points
-- Instant On 1930 Switches when managed through cloud-based mobile app and
   web portal.

Details
=======
Two Denial of Service vulnerabilities were discovered in Aruba Instant On
1930 Switches. These vulnerabilities can be exploited to cause the switch to
reboot. CVE-2021-41004 does not require authentication credentials to exploit
the Denial of Service condition. CVE-2021-41005 requires authentication in
order to be successfully exploited.

These vulnerabilities only impact locally managed switches. Cloud managed
switches are not impacted by these vulnerabilities.

Unauthenticated Denial of Service: (CVE-2021-41004)
  Internal references: ASIRT-881
  Severity: High
  CVSSv3 Overall Score: 7.5
  CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Authenticated Denial of Service: (CVE-2021-41005)
  Internal references: ASIRT-882
  Severity: Medium
  CVSSv3 Overall Score: 6.5
  CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Resolution
==========
Upgrading to version 2.5.0.42 or above addresses both of these
vulnerabilities.
Firmware can be manually updated with the download from here:
https://community.arubaInstantOn.com/browse/blogs/blogviewer?blogkey=8aac4e14-50d9-4991-8c72-602a4d87768d

Exploitation and Public Discussion
==================================
Aruba is not aware of any public proof of concept code.

Workaround and Mitigations
==========================
To further minimize the likelihood of an attacker exploiting these
vulnerabilities, Aruba recommends that the web-based management interface
for Aruba Instant On switches be restricted to a dedicated layer 2
segment/VLAN and/or controlled by firewall policies at layer 3 and above.

Discovery
=========
These vulnerabilities were discovered by Nicholas Starke of Aruba Threat
Labs.

Revision History
================
Revision 1 / 2022-Apr-05 / Initial release

Aruba SIRT Security Procedures
==============================
To receive Security Advisory updates, subscribe to notifications at
https://sirt.arubanetworks.com/mailman/listinfo/security-alerts_sirt.arubanetworks.com

Complete information on reporting security vulnerabilities in Aruba Networks
products and obtaining assistance with security incidents is available at:
https://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to
aruba-sirt(at)hpe.com. For sensitive information we encourage the use of
PGP encryption. Our public keys can be found at:
https://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2022 by Aruba, a Hewlett Packard Enterprise company.

This advisory may be redistributed freely after the release date given at
the top of the text, provided that the redistributed copies are complete and
unmodified, including all data and version information.
-----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAmJEV64ACgkQmP4JykWF htkZ+wf9FVgK2et0k0a1GFERnmREPQN6Y1/y3yICcM5HapG9CoXNPLEX9iVUgzXr OghdVqKYvmvOhdTYQc7niYg7iwknintrM+JRvuW7xaxnR22FvcMxaE4TIp9apobU 4v1/SStZ3Z5lGcsV5dzWflN0GSOtKisOPlHtyy3oYhkYLfudhIIA8zT21z+8omY0 CCtVxqfUeueF/TXsJBkqZg2gZDrs/EJdbNjLYPMztXgmhUV8MTkE/LszXdZDfWVA VxerR/FaxW0yTH+qVvYSdoWBYPG8s8FcDi4pr0VappPJBtdA1KzwMMOdlwQEEX0z 1rO9+m8ROR23aFPnpfAn1G5DhtT7Vg== =Sy0k -----END PGP SIGNATURE-----