HPE Aruba Networking Product Security Advisory
===============================
Advisory ID: ARUBA-PSA-2023-010
CVE: CVE-2023-3718
Publication Date: 2023-Aug-01
Status: Confirmed
Severity: High
Revision: 1

Title
=====
Authenticated Remote Code Execution in Aruba CX Switches

Overview
========
HPE Aruba Networking has released updates for wired switch products
running AOS-CX that address a security vulnerability in the command
line interface.

Affected Products
=================
HPE Aruba Networking Aruba Switch Models:
- Aruba CX 10000 Switch Series
- Aruba CX 9300 Switch Series
- Aruba CX 8400 Switch Series
- Aruba CX 8360 Switch Series
- Aruba CX 8325 Switch Series
- Aruba CX 8320 Switch Series
- Aruba CX 6400 Switch Series
- Aruba CX 6300 Switch Series
- Aruba CX 6200 Switch Series
- Aruba CX 6100 Switch Series
- Aruba CX 6000 Switch Series
- Aruba CX 4100i Switch Series

Software Branch Versions:
- AOS-CX 10.11.xxxx: 10.11.1010 and below.
- AOS-CX 10.10.xxxx: 10.10.1050 and below.

Please note that branches older than AOS-CX 10.10.xxxx were not
affected by this vulnerability.

Unaffected Products
===================
Any other HPE Aruba Networking products not listed above including
AOS-S Switches, Aruba Intelligent Edge Switches, and HPE OfficeConnect
Switches are not affected by these vulnerabilities.

Details
=======

Authenticated Command Injection Vulnerability in AOS-CX Command Line
Interface (CVE-2023-3718)
---------------------------------------------------------------------
An authenticated command injection vulnerability exists in the AOS-CX
command line interface. Successful exploitation of this vulnerability
results in the ability to execute arbitrary commands on the underlying
operating system as a privileged user on the affected switch. This
allows an attacker to fully compromise the underlying operating system
on the device running AOS-CX.
Internal references: ATLAX-74
Severity: High
CVSSv3 Overall Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Discovery: This vulnerability was discovered and reported by Nick
Starke of Aruba Threat Labs.

Workaround: Please note that this vulnerability only applies to
switches which are running in enhanced security mode. Switches not in
this mode allow access to the start-shell command which already
provides full access to the underlying operating system. For more
information, please see the AOS-CX Security Guide found at
https://www.arubanetworks.com/techdocs/AOS-CX/10.10/HTML/security_83xx-8400-9300-10000/Content/Chp_Cnf_enh_sec/cnf-enh-sec-10.htm

Resolution
==========
Upgrade affected switches to one of the following AOS-CX branches and
versions to resolve all the vulnerabilities described in the details
section:
- AOS-CX 10.12.xxxx: 10.12.0006 and above.
- AOS-CX 10.11.xxxx: 10.11.1021 and above.
- AOS-CX 10.10.xxxx: 10.10.1060 and above.

HPE Aruba Networking does not evaluate or patch AOS-CX software
branches that have reached their End of Maintenance (EoM) milestone.
Supported branches as of the publication date of this advisory are:
- AOS-CX 10.12.xxxx
- AOS-CX 10.11.xxxx
- AOS-CX 10.10.xxxx
- AOS-CX 10.06.xxxx

Please note that this advisory only applies to branches AOS-CX
10.10.xxxx and above.

For more information about HPE Aruba Networking's End of Support
policy visit:
https://www.arubanetworks.com/support-services/end-of-life/

Workaround
==========
To minimize the likelihood of an attacker exploiting this
vulnerability, HPE Aruba Networking recommends that the CLI and
web-based management interfaces be restricted to a dedicated layer 2
segment/VLAN and/or controlled by firewall policies at layer 3 and
above.

Vulnerability specific workarounds are listed per vulnerability above.

Contact HPE Services - Aruba Networking TAC for any configuration
assistance.
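The affected and fixed version lists above can be turned into an inventory triage check. The following is an added example, not part of the HPE Aruba Networking advisory: the build thresholds are transcribed from it, while the optional two-letter platform prefix, the status names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Build thresholds transcribed from this advisory, per branch:
# (highest build listed as affected, lowest build listed as fixed).
BRANCHES = {
    (10, 10): (1050, 1060),
    (10, 11): (1010, 1021),
    (10, 12): (None, 6),  # appears only under Resolution
}
# Assumption: an optional two-letter platform prefix such as "FL." may
# precede the numeric version; the advisory shows the numeric part only.
VERSION_RE = re.compile(r"(?:[A-Za-z]{2}\.)?(\d+)\.(\d+)\.(\d+)$")


def triage(version, enhanced_security):
    """Classify one switch against the advisory's version lists."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised AOS-CX version: {version!r}")
    major, minor, build = map(int, m.groups())
    if (major, minor) < (10, 10):
        return "not-affected"    # branches older than 10.10.xxxx
    if (major, minor) not in BRANCHES:
        return "unlisted"        # branch the advisory does not mention
    max_affected, min_fixed = BRANCHES[(major, minor)]
    if build >= min_fixed:
        return "fixed"
    if max_affected is None or build > max_affected:
        return "unlisted"        # build falls between the two lists
    # Per the advisory, the issue only applies in enhanced security mode.
    return "affected" if enhanced_security else "not-applicable"


# Constructed inventory: (hostname, version string, enhanced security mode)
INVENTORY = [
    ("core-1", "FL.10.10.1050", True),
    ("core-2", "10.11.1021", True),
    ("dist-1", "10.11.1015", True),
    ("edge-1", "10.09.1020", True),
    ("edge-2", "10.11.1010", False),
]


def report(inventory=INVENTORY):
    return {host: triage(ver, enh) for host, ver, enh in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:8} {status}")
```

A status of "unlisted" means the build appears in neither the affected list nor the fixed list of this advisory, so it needs a manual check rather than being assumed safe.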
Exploitation and Public Discussion
==================================
HPE Aruba Networking is not aware of any public discussion or exploit
code that targets this specific vulnerability as of the release date of
the advisory.

Revision History
================
Revision 1 / 2023-Aug-01 / Initial release

HPE Aruba Networking SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in HPE
Aruba Networking products and obtaining assistance with security
incidents is available at:
https://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* HPE Aruba Networking security issues, email can be
sent to aruba-sirt(at)hpe.com. For sensitive information we encourage
the use of PGP encryption. Our public keys can be found at:
https://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2023 by Hewlett Packard Enterprise Development LP.
This advisory may be redistributed freely after the release date given
at the top of the text, provided that the redistributed copies are
complete and unmodified, including all data and version information.