-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

HPE Aruba Networking Product Security Advisory
===============================

Advisory ID: HPESBNW04763
CVE: CVE-2024-54006, CVE-2024-54007
Publication Date: 2025-Jan-07
Status: Confirmed
Severity: High
Revision: 1

Title
=====
HPE Aruba Networking 501 Wireless Client Bridge Authenticated Remote
Command Injection Vulnerabilities

Overview
========
HPE Aruba Networking has released a patch for the 501 Wireless Client
Bridge that addresses multiple command injection vulnerabilities.

Affected Products
=================
HPE Aruba Networking
  - 501 Wireless Client Bridge

Affected Software Versions:
  - V2.x.x.x: V2.1.1.0-B0030 and below

Unaffected Products
===================
Any other HPE Aruba Networking products and software versions not
specifically listed above are not affected by these vulnerabilities.

Details
=======
Authenticated Remote Command Injection Vulnerability in the Web Interface
of a 501 Wireless Client Bridge (CVE-2024-54006, CVE-2024-54007)
---------------------------------------------------------------------
Multiple command injection vulnerabilities exist in the web interface of
the 501 Wireless Client Bridge which could lead to authenticated remote
command execution. Successful exploitation of these vulnerabilities
results in the ability of an attacker to execute arbitrary commands as a
privileged user on the underlying operating system. Exploitation requires
administrative authentication credentials on the host system.
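The following is an added example, not part of the advisory and not HPE code: it turns the affected and fixed builds stated in this advisory (V2.1.1.0-B0030 and below affected, V2.1.2.0-B0033 and above fixed) into a fleet check. The version-string shape is assumed from the two builds the advisory quotes, the hostnames and inventory rows are constructed sample data, and a build the advisory places on neither side of the cutoff, or a string that does not parse, is flagged for manual review instead of being treated as safe.

```python
import re

# Builds as stated in HPESBNW04763: the last affected build and the first fixed build.
LAST_AFFECTED = "V2.1.1.0-B0030"
FIRST_FIXED = "V2.1.2.0-B0033"

# Version-string shape assumed from the two builds quoted in the advisory:
# V<major>.<minor>.<patch>.<rev>-B<build>. Other shapes are rejected, not guessed.
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)\.(\d+)-B(\d+)$")


def parse_version(text):
    """Turn 'V2.1.2.0-B0033' into the comparable tuple (2, 1, 2, 0, 33).

    Raises ValueError for anything not in the expected shape, so a device
    reporting a malformed or unexpected string is surfaced rather than
    silently treated as patched.
    """
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised 501 bridge version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def classify(version):
    """Classify one device's reported version against the advisory.

    affected   - V2.x.x.x build at or below V2.1.1.0-B0030
    fixed      - V2.x.x.x build at or above V2.1.2.0-B0033
    review     - V2.x.x.x build strictly between the two; the advisory
                 names neither side of that gap, so check by hand
    not_listed - a software branch the advisory does not list
    """
    v = parse_version(version)
    if v[0] != 2:
        return "not_listed"
    if v <= parse_version(LAST_AFFECTED):
        return "affected"
    if v >= parse_version(FIRST_FIXED):
        return "fixed"
    return "review"


def audit(inventory):
    """Map hostname -> classification for (hostname, version) pairs.

    Unparseable strings are reported as 'unparseable' instead of aborting
    the whole run, so one odd device does not hide the rest of the fleet.
    """
    results = {}
    for host, version in inventory:
        try:
            results[host] = classify(version)
        except ValueError:
            results[host] = "unparseable"
    return results


def needs_action(inventory):
    """Hostnames that must be upgraded or looked at before being counted as patched."""
    return sorted(h for h, state in audit(inventory).items() if state != "fixed")


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    ("bridge-lab-01", "V2.1.1.0-B0030"),   # last affected build
    ("bridge-lab-02", "V2.1.2.0-B0033"),   # first fixed build
    ("bridge-lab-03", "V2.1.1.0-B0031"),   # between the two: needs manual review
    ("bridge-lab-04", "V2.0.9.0-B0100"),   # older V2 build, still below the cutoff
    ("bridge-lab-05", "2.1.2.0"),          # truncated string from a bad inventory export
]

if __name__ == "__main__":
    for host, state in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {state}")
```

Feed `audit()` the (hostname, version) pairs exported from whatever inventory or monitoring system records the bridges' firmware; anything other than `fixed` in its output is a device to upgrade or inspect, and the `unparseable` and `review` states exist precisely so that gaps in the advisory's stated ranges or in the export never collapse into a false "patched".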
Internal References: ATLWL-515, ATLWL-524
Severity: High
CVSSv3.x Overall Score: 7.2
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Discovery:
These vulnerabilities were discovered and reported by Nicholas Starke of
HPE Aruba Networking SIRT and Hosein Vita
(https://www.linkedin.com/in/hossein-davoodabadi-9796ba22)

Workaround:
To minimize the likelihood of an attacker exploiting these
vulnerabilities, HPE Aruba Networking recommends that the CLI and
web-based management interfaces be restricted to a dedicated layer 2
segment/VLAN and/or controlled by firewall policies at layer 3 and above.

Resolution
==========
Upgrade the HPE Aruba Networking 501 Wireless Client Bridge software to
the following version (as applicable) to resolve the vulnerabilities
described in the details section:

  - V2.x.x.x: V2.1.2.0-B0033 and above

Software versions with resolution/fixes for the vulnerabilities covered
above can be downloaded from the HPE Networking Support Portal:

  https://networkingsupport.hpe.com/home/

HPE Aruba Networking does not evaluate or patch software branches that
have reached their End of Maintenance (EoM) milestone. For more
information about Aruba's End of Support policy visit:

  https://networkingsupport.hpe.com/end-of-life/

Workaround
==========
Vulnerability-specific workarounds are listed per vulnerability above.
Contact HPE Services - Aruba Networking for any configuration
assistance.

Exploitation and Public Discussion
==================================
HPE Aruba Networking is aware of a proof-of-concept script for one of
these vulnerabilities published publicly.
This script is published by Hosein Vita at
https://cxsecurity.com/issue/WLB-2024080030

Revision History
================
Revision 1 / 2025-Jan-07 / Initial release

HPE Aruba Networking SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at:

  https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us

For reporting *NEW* HPE Aruba Networking security issues, email can be
sent to aruba-sirt(at)hpe.com. For sensitive information we encourage
the use of PGP encryption. Our public keys can be found at:

  https://www.hpe.com/info/psrt-pgp-key

(c) Copyright 2025 by Hewlett Packard Enterprise Development LP.
This advisory may be redistributed freely after the release date given
at the top of the text, provided that the redistributed copies are
complete and unmodified, including all data and version information.

-----BEGIN PGP SIGNATURE-----

iQHLBAEBCAA1FiEEMErWmuZGsYOCo0+xpjMm7I0cE64FAmd2p9UXHHNlY3VyaXR5
LWFsZXJ0QGhwZS5jb20ACgkQpjMm7I0cE668bQv+ON1I23hRUKi1b76k/J3KOmyk
mTLAZeM46sjhwuiW7sFDjKesHWqnCiyAJFHRPU/ITukvqIA5TzBnkFuEaE8ZMPKp
o6ejrK8XJPHWVPCLQajMvHvje85u4JHeQEMseHlGZsioxKhsiDxlvQQjJxkFPTWq
wtOov4+vkJjHgEWhbIj72PxpS6eCivZ+SEPAbPE4nQSr2WWspTQOFPxyMFtYLEqH
5b0E8lovwELa0eNIfOu7vR92UmfgPXqDT16tQGcm+Wr2erzjxULQ2ERbPaK8jQF6
qnoI3E1UgL2vijr7YgqZzuEXMMwtsafcGIjfhBvmTe6cgUNCz2yjECu9KLLZAe1B
Ht0E1Zb6U1qVxGSypjr+QR1kRnZbvg9Tn4A/dDpDcga+BJdpz1jVxcpgAM3/BvIv
4DMe3JxY8G9DGArNJiq2mxdC8nuuuLRCen6zI2Fkevl9Ck9Yr5thaYtthQiM+/9m
lWQXoH5pU4REFbNmLj62DgvWMhKCXAJqBqOjjaNo
=fQuP
-----END PGP SIGNATURE-----