-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 HPE Aruba Networking Product Security Advisory ============================================= Advisory ID: HPESBNW04723 CVE: CVE-2025-23051, CVE-2025-23052 Publication Date: 2025-Jan-14 Status: Confirmed Severity: High Revision: 1 Title ===== HPE Aruba Networking AOS Controllers and Gateways Multiple Vulnerabilities Overview ======== HPE Aruba Networking has released AOS patches for Mobility Conductors, Controllers and Gateways to address multiple security vulnerabilities. Affected Products ================= HPE Aruba Networking - Mobility Conductor - Mobility Controllers - WLAN and SD-WAN Gateways Managed by HPE Aruba Networking Central Affected Software Version(s): - AOS-10.4.x.x: 10.4.1.4 and below - AOS-8.12.x.x: 8.12.0.2 and below - AOS-8.10.x.x: 8.10.0.14 and below The following software versions that are End of Maintenance (EoM) are affected by these vulnerabilities and are not addressed by this advisory: - AOS-10.6.x.x: all - AOS-10.5.x.x: all - AOS-10.3.x.x: all - AOS-8.11.x.x: all - AOS-8.9.x.x: all - AOS-8.8.x.x: all - AOS-8.7.x.x: all - AOS-8.6.x.x: all - AOS-6.5.4.x: all - SD-WAN 8.7.0.0-2.3.0.x: all - SD-WAN 8.6.0.4-2.2.x.x: all Unaffected Products ================= Any other HPE Aruba Networking products and software versions not specifically listed above are not affected by this vulnerability. Details ====== Authenticated Remote Code Execution in AOS Web-based Management Interface (CVE-2025-23051) - --------------------------------------------------------------------- An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files. Internal References: ATLWL-485 Severity: High CVSSv3.x Overall Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Discovery: This vulnerability was discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) via HPE Aruba Networking bug bounty program. Workaround: To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above. Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface (CVE-2025-23052) - --------------------------------------------------------------------- Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Internal References: ATLWL-482 Severity: High CVSSv3.x Overall Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Discovery: This vulnerability was discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) via HPE Aruba Networking bug bounty program. Workaround: To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above. Resolution ========== Upgrade Mobility Conductors, Controllers, and Gateways to one of the following ArubaOS versions (as applicable) to resolve the vulnerability described in the details section: - AOS-10.7.x.x: 10.7.0.0 and above - AOS-10.4.x.x: 10.4.1.5 and above - AOS-8.12.x.x: 8.12.0.3 and above - AOS-8.10.x.x: 8.10.0.15 and above Software versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE. HPE Aruba Networking does not evaluate or patch AOS-8 and AOS-10 software branches that have reached their End of Maintenance (EoM) milestone. For more information about Aruba's End of Support policy visit: https://www.hpe.com/psnow/doc/a00143052enw Workaround ========== Vulnerability specific workarounds are listed per vulnerability above. You may contact HPE Services - Aruba Networking for assistance if needed. Exploitation and Public Discussion ================================== HPE Aruba Networking is not aware of any public discussion or exploit code targeting these specific vulnerabilities as of the release date of the advisory. Revision History ================ Revision 1 / 2025-Jan-14 / Initial release HPE Aruba Networking SIRT Security Procedures ============================== Complete information on reporting security vulnerabilities in HPE Aruba Networking products and obtaining assistance with security incidents is available at: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us For reporting *NEW* HPE Aruba Networking security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: https://www.hpe.com/info/psrt-pgp-key (c) Copyright 2025 by Hewlett Packard Enterprise Development LP. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information -----BEGIN PGP SIGNATURE----- iQHLBAEBCAA1FiEEMErWmuZGsYOCo0+xpjMm7I0cE64FAmeGXuEXHHNlY3VyaXR5 LWFsZXJ0QGhwZS5jb20ACgkQpjMm7I0cE67aEAv+NmHLwjk8b/9Kf2qrESRJ/oNq az3+6CUJTALW+rxcPN9ucsa0dUGOwL2ihPf9/E7+ycwJNuRZKdkSeoIfR8cxmQfk jSSfCU8bET0bqsK0kiuBSG6myfsFM+M/uzRrkdXjnYanaCqEeFdv6fp3/tdqxy78 mh3mRw+B7n1e2vG2XJzMRGw+ri460N1YFDroZWGRpMhfzwtbEdD4Zrj5Y5FfCPa+ giwK5ZuUYVJkeW0xXUCs+g8I17gj0o4TEtOfwHQnBRsrvA0PPJ/e4SDMwyasm9e1 Sw1yJg2QUhjBvqtsJfK0hcxiQUw73ZZSo0EmTm+Dpd4WEqL4k0SFcZfzJqi3UR2v YhHxAuHoP2Bg0n6VPP4FrJLqMgbcqJcQ/WrlROZ5tKK5lZjGlgnhf61n4CdTSw0M TmffW5kKT3EBluscMibrBhpWgvxjN7pY49EwSiEd3frvhLtt0hF78bxsKrihMkLx UxsPkEKhBBQMjczGxjvbeSEzfXXhukqqHBiuJHhj =XvEq -----END PGP SIGNATURE-----