There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
The vulnerability results from a stack-based buffer overflow (CWE-121) in the CLI service protocol handling layer. The attacker sends specially crafted UDP packets to port 8211, used by the PAPI protocol (Aruba's Access Point management protocol). Improper handling of incoming data causes buffer overflow, which enables taking control over program execution flow and running arbitrary code.
Successful exploitation of the vulnerability allows an attacker to execute arbitrary code with the privileges of a privileged user at the operating system level of the device. In practice, this means complete takeover of the device, including the ability to modify configuration, leak data, and perform further lateral movement in the network.
Apply patches available from the manufacturer according to the references: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us and https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt. Additionally, if immediate updates are not possible, it is recommended to restrict access to UDP port 8211 (PAPI) exclusively to trusted sources using a firewall or ACL.
Devices running Aruba ArubaOS and HP InstantOS software — versions indicated in the manufacturer's references (ARUBA-PSA-2024-006 and HPE Security Bulletin hpesbnw04647en_us)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArubanetworks Arubaos
OSArubanetworks10.3.0.0 – 10.4.1.1 (bez)10.5.0.0 – 10.5.1.1 (bez)HP Instantos
OSHp6.4.0.0 – 8.6.0.24 (bez)8.7.0.0 – 8.10.0.11 (bez)
Related vulnerabilities
RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS
Buffer overflow w usłudze SAE Aruba ArubaOS / InstantOS — nieuwierzytelniony RCE
Buffer overflow w usłudze Central Communications ArubaOS/InstantOS — nieuwierzytelniony RCE