HPE Aruba Networking Product Security Advisory
==============================================

Advisory ID: HPESBNW04844
CVE: CVE-2025-27078, CVE-2025-27079
Publication Date: 2025-Apr-08
Status: Confirmed
Severity: Medium
Revision: 1

Title
=====

HPE Aruba Networking AOS-8 Instant AP and AOS-10 AP Multiple Vulnerabilities

Overview
========

HPE Aruba Networking has released patches for Aruba access points running
AOS-8 Instant and AOS-10 AP that address multiple security vulnerabilities.

Affected Products
=================

HPE Aruba Networking
- Access Points running AOS-8 Instant
- Access Points running AOS-10 AP

Affected Software Version(s):
- AOS-10 AP 10.7.x.x: 10.7.0.1 and below
- AOS-10 AP 10.4.x.x: 10.4.1.5 and below
- AOS-8 Instant 8.12.x.x: 8.12.0.3 and below
- AOS-8 Instant 8.10.x.x: 8.10.0.15 and below

The following software versions that are End of Maintenance (EoM) are
affected by these vulnerabilities and are not addressed by this advisory:
- AOS-10 AP 10.6.x.x: all
- AOS-10 AP 10.5.x.x: all
- AOS-10 AP 10.3.x.x: all
- AOS-8 Instant 8.11.x.x: all
- AOS-8 Instant 8.9.x.x: all
- AOS-8 Instant 8.8.x.x: all
- AOS-8 Instant 8.7.x.x: all
- AOS-8 Instant 8.6.x.x: all
- AOS-8 Instant 8.5.x.x: all
- AOS-8 Instant 8.4.x.x: all
- AOS Instant 6.5.x.x: all
- AOS Instant 6.4.x.x: all

Unaffected Products
===================

HPE Aruba Networking Mobility Conductor, Mobility Controllers, and SD-WAN
Gateways are not affected by these vulnerabilities. HPE Networking InstantOn
Access Points are also not affected by these vulnerabilities.

Any other supported software versions not listed under the Affected Products
section of this advisory are not known to be affected by the disclosed
vulnerabilities.
Details
=======

Authenticated Remote Command Execution caused by Insecure Function Usage in
System Binary (CVE-2025-27078)
-----------------------------------------------------------------

A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow
an authenticated remote attacker to inject commands into the underlying
operating system while using the CLI. Successful exploitation could lead to
complete system compromise.

Internal References: ATLWL-522
Severity: Medium
CVSS v3.1 Base Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Discovery: This vulnerability was discovered by ZZ from Moonlight Bug Hunter
Workaround: None

Arbitrary File Creation vulnerability allows for Authenticated Remote Code
Execution in CLI Interface (CVE-2025-27079)
-----------------------------------------------------------------

A vulnerability in the file creation process on the command line interface of
AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to
perform remote code execution (RCE). Successful exploitation could allow an
attacker to execute arbitrary operating system commands on the underlying
operating system, leading to potential system compromise.

Internal References: ATLWL-521
Severity: Medium
CVSS v3.1 Base Score: 6.0
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Discovery: This vulnerability was discovered by ZZ from Moonlight Bug Hunter
Workaround: None

Resolution
==========

In order to address the vulnerabilities described above for the affected
release branches, it is recommended to upgrade the software to the following
versions:
- AOS-10 AP 10.7.x.x: 10.7.0.2 and above
- AOS-10 AP 10.4.x.x: 10.4.1.6 and above
- AOS-8 Instant 8.12.x.x: 8.12.0.4 and above
- AOS-8 Instant 8.10.x.x: 8.10.0.16 and above

HPE Aruba Networking does not evaluate or patch AOS-8 Instant or AOS-10 AP
software branches that have reached their End of Maintenance (EoM) milestone.
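The affected, EoM and fixed version lists above can be turned into a fleet check. The following is an added example, not part of the HPE advisory or any HPE tool: it classifies a firmware version string against the branches this advisory lists (the "AOS Instant 6.x" EoM branches are grouped under AOS-8 Instant here, an assumption for simplicity) and flags inventory entries that need an upgrade. The inventory rows are constructed sample data.

```python
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# First fixed release per supported branch (Resolution section of HPESBNW04844).
FIXED: Dict[str, Dict[Tuple[int, int], Version]] = {
    "AOS-10 AP": {(10, 7): (10, 7, 0, 2), (10, 4): (10, 4, 1, 6)},
    "AOS-8 Instant": {(8, 12): (8, 12, 0, 4), (8, 10): (8, 10, 0, 16)},
}
# Branches the advisory lists as End of Maintenance: affected, no fix planned.
# The 6.x "AOS Instant" branches are grouped under AOS-8 Instant (assumption).
EOM: Dict[str, set] = {
    "AOS-10 AP": {(10, 6), (10, 5), (10, 3)},
    "AOS-8 Instant": {(8, 11), (8, 9), (8, 8), (8, 7), (8, 6), (8, 5),
                      (8, 4), (6, 5), (6, 4)},
}


def parse_version(text: str) -> Version:
    """Parse 'a.b.c.d' into a tuple so versions compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected a.b.c.d version, got {text!r}")
    return tuple(int(p) for p in parts)


def classify(product: str, version: str) -> str:
    """Return 'fixed', 'affected', 'eom-affected' or 'not-listed'."""
    v = parse_version(version)
    branch = v[:2]
    if branch in EOM[product]:
        return "eom-affected"          # upgrade to a supported branch
    fixed = FIXED[product].get(branch)
    if fixed is None:
        return "not-listed"            # not known to be affected per advisory
    return "fixed" if v >= fixed else "affected"


def needs_action(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, status) for every AP that still needs an upgrade."""
    out = []
    for host, product, version in inventory:
        status = classify(product, version)
        if status in ("affected", "eom-affected"):
            out.append((host, status))
    return out


# Constructed sample inventory: (hostname, product, running version).
SAMPLE_INVENTORY = [
    ("ap-lobby-1", "AOS-10 AP", "10.7.0.1"),
    ("ap-lobby-2", "AOS-10 AP", "10.7.0.2"),
    ("ap-lab-1", "AOS-8 Instant", "8.11.2.0"),
    ("ap-lab-2", "AOS-8 Instant", "8.10.0.16"),
]
```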
For more information about the HPE Aruba Networking End of Life policy please
visit: https://www.hpe.com/psnow/doc/a00143052enw

Workaround
==========

Vulnerability specific workarounds are listed per vulnerability above.

You may contact HPE Services - HPE Aruba Networking for assistance if needed.
For more information, please visit the HPE Aruba Networking Support Portal at
https://networkingsupport.hpe.com/home

Exploitation and Public Discussion
==================================

HPE Aruba Networking is not aware of any public discussion or exploit code
targeting these specific vulnerabilities as of the release date of the
advisory.

Revision History
================

Revision 1 / 2025-Apr-08 / Initial release

HPE Aruba Networking SIRT Security Procedures
==============================================

Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us

For reporting NEW HPE Aruba Networking security issues, email can be sent to
aruba-sirt@hpe.com. For sensitive information we encourage the use of PGP
encryption. Our public keys can be found at:
https://www.hpe.com/info/psrt-pgp-key

(c) Copyright 2025 by Hewlett Packard Enterprise Development LP.
This advisory may be redistributed freely after the release date given at the
top of the text, provided that the redistributed copies are complete and
unmodified, including all data and version information.