-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

HPE Aruba Networking Product Security Advisory
==============================================

Advisory ID: HPESBNW04841
CVE: CVE-2025-25041, CVE-2024-3661
Publication Date: 2025-Apr-01
Status: Confirmed
Severity: High
Revision: 1

Title
=====
Multiple Vulnerabilities in HPE Aruba Networking Virtual Intranet Access (VIA)
Client

Overview
========
HPE Aruba Networking has released an update to VIA that addresses security
vulnerabilities in the HPE Aruba Networking VIA client for Microsoft Windows,
MacOS, Linux, and iOS. Clients on Android systems are not affected by the
included vulnerabilities.

Affected Products
=================
These vulnerabilities affect HPE Aruba Networking VIA clients running the
following version unless specifically noted otherwise in the details section:

HPE Aruba Networking VIA client:
  - 4.7.0 and below

Note: None of the vulnerabilities described in this document impact the HPE
Aruba Networking VIA client for the Android platform.

Updating HPE Aruba Networking VIA to a version listed in the Resolution section
at the end of this advisory will resolve all issues described in the details
section.

Details
=======

Unauthenticated Remote Code Execution allows Unauthorized Access in Network
Interface Configuration (CVE-2024-3661)
-----------------------------------------------------------------
A vulnerability in the network configuration service of the DHCP protocol could
allow an unauthenticated remote attacker to intercept VPN traffic. Successful
exploitation could allow an attacker to read, disrupt, or possibly modify
network traffic that was expected to be protected by the VPN.
Internal References: ATLCP-276
Severity: High
CVSSv3.x Overall Score: 7.1
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Discovery: This vulnerability was discovered by Lizzie Moratti & Dani Cronce,
Leviathan Security Group

Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA)
Microsoft Windows Client (CVE-2025-25041)
-----------------------------------------------------------------
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client
could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM
(root). A successful exploit could allow the creation of a Denial-of-Service
(DoS) condition affecting the Microsoft Windows Operating System. This
vulnerability does not affect Linux and Android based clients.

Internal References: ATLCP-261
Severity: Medium
CVSSv3 Overall Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Discovery: This vulnerability was discovered and reported by Gee-netics via HPE
Aruba Networking's Bug Bounty Program.

Resolution
==========
CVE-2024-3661 (TunnelVision) can be addressed by upgrading to the HPE Aruba
Networking VIA version listed below:

HPE Aruba Networking VIA client for Linux, MacOS, iOS, and Microsoft Windows:
  - Version 4.7.2 and above

NOTE: CVE-2024-3661 does not affect Android-based VIA clients.

CVE-2025-25041 only affects the Microsoft Windows VIA client, and can be
addressed by upgrading to the HPE Aruba Networking VIA version listed below:

HPE Aruba Networking VIA client for Microsoft Windows:
  - Version 4.7.2 and above

HPE Aruba Networking does not evaluate or patch HPE Aruba Networking Virtual
Intranet Access (VIA) versions that have reached their End of Maintenance (EoM)
milestone. For more information about HPE Aruba Networking's End of Life policy
visit: https://www.hpe.com/psnow/doc/a00143052enw

Workaround
==========
There is no workaround for these vulnerabilities available at the time of this
document's publication.
Exploitation and Public Discussion
==================================
CVE-2024-3661 is a publicly released CVE known as TunnelVision, and has been
documented by NVD, MITRE, RHEL, and many other organizations involved in
recording vulnerability data. While documented, this vulnerability does not have
any public examples of exploitation, and no public exploit code exists as of the
release date of this advisory.

HPE Aruba Networking is not aware of any public discussion or exploit code that
targets CVE-2025-25041 as of the release date of this advisory.

Revision History
================
Revision 1 / 2025-04-01 / Initial release

HPE Aruba Networking SIRT Security Procedures
=============================================
Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at:
https://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* HPE Aruba Networking security issues, email can be sent to
aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP
encryption. Our public keys can be found at:
https://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2025 by Hewlett Packard Enterprise Development LP.
This advisory may be redistributed freely after the release date given at the
top of the text, provided that the redistributed copies are complete and
unmodified, including all data and version information.