-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

HPE Aruba Networking Product Security Advisory   
===============================   
Advisory ID: HPESBGN04674  
CVE: CVE-2024-6387 
Publication Date: 2024-Aug-06  
Status:  Confirmed  
Severity: High  
Revision: 1  
   
   
Title   
=====   
HPE Athonet Unauthenticated Remote Code Execution (RCE) vulnerability 
in OpenSSH's Server (RegreSSHion) 


Overview   
========   
A security regression (CVE-2006-5051) was discovered in OpenSSH's 
server (sshd). There is a race condition which can lead to 
OpenSSH sshd to handle some signals in an unsafe manner. An 
unauthenticated remote attacker may be able to trigger this 
vulnerable condition by failing to authenticate within a set 
time. 
 

Affected Products   
=================   
HPE Aruba Networking  
- - HPE Athonet Mobile Core
  - 1.24.1.1 and below 
  - 1.23.4.2 and below  
- - HPE Athonet IMS  
  - 1.24.1.1 and below


Unaffected Products   
===================   
Any other HPE Networking products not specifically listed above are   
not affected by these vulnerabilities.   
  

Details   
=======   
  Race Condition in OpenSSH-server Leading to Unauthenticated  
  Remote Code Execution (RCE) 
  (CVE-2024-6387)  
  ---------------------------------------------------------------------  
    A security regression of (CVE-2006-5051) was discovered in 
    OpenSSH's server (sshd). There is a race condition which can 
    lead to OpenSSH sshd to handle some signals in an unsafe 
    manner. An unauthenticated remote attacker may be able to 
    trigger this vulnerable condition by failing to authenticate 
    within a set time.    

    Internal Reference: PSA-329  
    Severity: High  
    CVSSv3 Overall Score: 8.1  
    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
      
    Discovery: The Qualys Threat Research Unit (TRU) discovered this 
               unauthenticated Remote Code Execution (RCE) vulnerability 
               in OpenSSH's server (sshd) in glibc-based Linux systems.   
  

Resolution   
==========   
To resolve the vulnerability described above, it is recommended to   
upgrade the software to the following version:                            

- - HPE Athonet Mobile Core 
  - 1.24.1.2 and above 
  - 1.23.4.3 and above
- - HPE Athonet IMS          
  - 1.24.1.2 and above
  
HPE Aruba Networking does not evaluate or patch HPE Athonet Mobile   
Core Software versions that have reached their End of Support (EoS)   
milestone.   

For more information about HPE Athonet Product Lifecycle and versioning 
policy visit:   
https://www.hpe.com/psnow/doc/4aa5-5978enw?jumpid=in_pdfviewer-psnow  


Workaround   
========== 
To minimize the likelihood of an attacker exploiting this vulnerability, 
HPE Aruba Networking recommends that access to the SSH port on impacted 
devices be restricted to a dedicated layer 2 segment/VLAN and/or controlled 
by firewall policies at layer 3 and above.                             
   

Exploitation and Public Discussion   
==================================   

This CVE is being widely discussed in public. Public exploits are available 
for 32-bit Linux systems based on glibc. 64-bit exploits are being developed. 
Please note that this is a high complexity attack that requires uninterrupted 
access to a vulnerable OpenSSH server to exploit. Conditions for exploiting 
this vulnerability are highly dependent upon the environment that vulnerable 
products are deployed into. 
  
A blog describing this vulnerability is available at   
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server   

More in-depth technical detail and discussion is available at 
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt  


Revision History   
================   
Revision 1 / 2024-Aug-13 / Initial release  

   
HPE Aruba Networking SIRT Security Procedures   
==============================   
Complete information on reporting security vulnerabilities in HPE Aruba   
Networking products and obtaining assistance with security incidents is   
available at:                                                            
https://support.hpe.com/hpesc/public/docDisplay?  docLocale=en_US&docId=a00100637en_us     

For reporting *NEW* HPE Aruba Networking security issues, email can be   
sent to aruba-sirt(at)hpe.com. For sensitive information we encourage   
the use of PGP encryption. Our public key can be found at:               
https://www.hpe.com/info/psrt-pgp-key   

(c) Copyright 2024 by Hewlett Packard Enterprise Development LP. This   
advisory may be redistributed freely after the release date given    
at the top of the text, provided that the redistributed copies are        
complete and unmodified, including all data and version information. 
-----BEGIN PGP SIGNATURE-----

iQHLBAEBCAA1FiEEMErWmuZGsYOCo0+xpjMm7I0cE64FAmaySp0XHHNlY3VyaXR5
LWFsZXJ0QGhwZS5jb20ACgkQpjMm7I0cE64RlwwAji8hKFsiqxb9CDTx+90uWAqO
Yy1HtXw43QG5VHFM4GzJWYWHnl/ws915osSW7Zi0D58rpnC2/53SR3xDO5tWz+GG
ziFekTqoxN4ER6Cpty9UNQHd4shueTApbht8Jr0PoVEAqps/cG4HTca2NTFBRsfY
WYwHdkfK7ftcLkvPLmLBHE6P26zJSOR7u6/pRTIOPD4fLVkJal2ZOAMMkG0qHoLk
557gQPf9oIM/WdKhpRmweP2rkPAZVn+n0jlrZQgoM0gHg45syR99h/+pnMt6JAKz
NMkSLAEQXJydKWu5BV5FRgxcfFJBV8CwrwfqjmM28qRvW3qI1Z0yoWD/DJoD1nCu
DX10kla+bsj1gC+VcNVqvrGeWUr0dZf3PtIgU6Nki9kNxKlIQHKuXGyr7aKHlrfM
kNLhOM2XNRtDMOU18Hqw97+0ZY+3A48Sqh+QscrkrXdugriZJ086RfCF3Jk9box1
3+/wGWE897LH/AAvmF0+G0jQjlZnfZIK1/QTaTxX
=w/rL
-----END PGP SIGNATURE-----