There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
The vulnerability results from a buffer overflow error (CWE-787) and improper certificate verification (CWE-295) in the AP Certificate Management Service. An attacker can remotely, without requiring any privileges or user interaction, send a specially crafted request to the vulnerable service. Exploitation enables execution of arbitrary system commands at the device's operating system level.
An attacker can gain full control over the device by executing arbitrary commands at the operating system level, leading to complete system compromise — including data theft, network configuration modification, and use of the device as an entry point for further attacks.
Patches available from the manufacturer should be applied in accordance with the references — HPE Security Bulletin available at: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US
ArubaNetworks ArubaOS and HPE InstantOS products — specific versions indicated in the manufacturer's references (HPE Security Bulletin hpesbnw04678en_us)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArubanetworks Arubaos
OSArubanetworks10.3.0.0 – 10.4.1.4 (bez)10.5.0.0 – 10.6.0.1 (bez)HP Instantos
OSHp6.4.0.0 – 8.10.0.13 (bez)8.12.0.0 – 8.12.0.2 (bez)
Related vulnerabilities
RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS
Buffer overflow w usłudze Central Communications Aruba – nieuwierzytelnione RCE
Buffer overflow w CLI service ArubaOS/InstantOS umożliwiający zdalny RCE
Buffer overflow w CLI service ArubaOS/InstantOS — nieuwierzytelniony RCE