-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 HPE Aruba Networking Product Security Advisory =============================== Advisory ID: HPESBGN04674 CVE: CVE-2024-6387 Publication Date: 2024-Aug-06 Status: Confirmed Severity: High Revision: 1 Title ===== HPE Athonet Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH's Server (RegreSSHion) Overview ======== A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to OpenSSH sshd to handle some signals in an unsafe manner. An unauthenticated remote attacker may be able to trigger this vulnerable condition by failing to authenticate within a set time. Affected Products ================= HPE Aruba Networking - - HPE Athonet Mobile Core - 1.24.1.1 and below - 1.23.4.2 and below - - HPE Athonet IMS - 1.24.1.1 and below Unaffected Products =================== Any other HPE Networking products not specifically listed above are not affected by these vulnerabilities. Details ======= Race Condition in OpenSSH-server Leading to Unauthenticated Remote Code Execution (RCE) (CVE-2024-6387) --------------------------------------------------------------------- A security regression of (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to OpenSSH sshd to handle some signals in an unsafe manner. An unauthenticated remote attacker may be able to trigger this vulnerable condition by failing to authenticate within a set time. Internal Reference: PSA-329 Severity: High CVSSv3 Overall Score: 8.1 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Discovery: The Qualys Threat Research Unit (TRU) discovered this unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH's server (sshd) in glibc-based Linux systems. Resolution ========== To resolve the vulnerability described above, it is recommended to upgrade the software to the following version: - - HPE Athonet Mobile Core - 1.24.1.2 and above - 1.23.4.3 and above - - HPE Athonet IMS - 1.24.1.2 and above HPE Aruba Networking does not evaluate or patch HPE Athonet Mobile Core Software versions that have reached their End of Support (EoS) milestone. For more information about HPE Athonet Product Lifecycle and versioning policy visit: https://www.hpe.com/psnow/doc/4aa5-5978enw?jumpid=in_pdfviewer-psnow Workaround ========== To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that access to the SSH port on impacted devices be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above. Exploitation and Public Discussion ================================== This CVE is being widely discussed in public. Public exploits are available for 32-bit Linux systems based on glibc. 64-bit exploits are being developed. Please note that this is a high complexity attack that requires uninterrupted access to a vulnerable OpenSSH server to exploit. Conditions for exploiting this vulnerability are highly dependent upon the environment that vulnerable products are deployed into. A blog describing this vulnerability is available at https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server More in-depth technical detail and discussion is available at https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt Revision History ================ Revision 1 / 2024-Aug-13 / Initial release HPE Aruba Networking SIRT Security Procedures ============================== Complete information on reporting security vulnerabilities in HPE Aruba Networking products and obtaining assistance with security incidents is available at: https://support.hpe.com/hpesc/public/docDisplay? docLocale=en_US&docId=a00100637en_us For reporting *NEW* HPE Aruba Networking security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public key can be found at: https://www.hpe.com/info/psrt-pgp-key (c) Copyright 2024 by Hewlett Packard Enterprise Development LP. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information. -----BEGIN PGP SIGNATURE----- iQHLBAEBCAA1FiEEMErWmuZGsYOCo0+xpjMm7I0cE64FAmaySp0XHHNlY3VyaXR5 LWFsZXJ0QGhwZS5jb20ACgkQpjMm7I0cE64RlwwAji8hKFsiqxb9CDTx+90uWAqO Yy1HtXw43QG5VHFM4GzJWYWHnl/ws915osSW7Zi0D58rpnC2/53SR3xDO5tWz+GG ziFekTqoxN4ER6Cpty9UNQHd4shueTApbht8Jr0PoVEAqps/cG4HTca2NTFBRsfY WYwHdkfK7ftcLkvPLmLBHE6P26zJSOR7u6/pRTIOPD4fLVkJal2ZOAMMkG0qHoLk 557gQPf9oIM/WdKhpRmweP2rkPAZVn+n0jlrZQgoM0gHg45syR99h/+pnMt6JAKz NMkSLAEQXJydKWu5BV5FRgxcfFJBV8CwrwfqjmM28qRvW3qI1Z0yoWD/DJoD1nCu DX10kla+bsj1gC+VcNVqvrGeWUr0dZf3PtIgU6Nki9kNxKlIQHKuXGyr7aKHlrfM kNLhOM2XNRtDMOU18Hqw97+0ZY+3A48Sqh+QscrkrXdugriZJ086RfCF3Jk9box1 3+/wGWE897LH/AAvmF0+G0jQjlZnfZIK1/QTaTxX =w/rL -----END PGP SIGNATURE-----