Initiatives for
    
    As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
      
     
                  Reference:
Advisory #2023-54
Version:
1.0
Affected software:
Access Points running InstantOS and ArubaOS 10
ArubaOS 10.3.x: 10.3.1.0 and below
Aruba InstantOS 8.10.x: 8.10.0.4 and below
Aruba InstantOS 8.6.x: 8.6.0.19 and below
Aruba InstantOS 6.5.x: 6.5.4.23 and below
Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below
Aruba InstantOS 8.9.x: all (End-of-life)
Aruba InstantOS 8.8.x: all (End-of-life)
Aruba InstantOS 8.7.x: all (End-of-life)
Aruba InstantOS 8.5.x: all (End-of-life)
Aruba InstantOS 8.4.x: all (End-of-life)
CVE/CVSS:
CVE-2023-22779 CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-22787 CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVE-2023-22788 CVSS: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-22791 CVSS: 5.4 (CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)
Aruba Networks: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt
ArubaOS and InstantOS are affected by multiple vulnerabilities including critical unauthenticated buffer overflows, that can lead to unauthenticated remote code execution. Additionally, products are affected by unauthenticated Denial of Service, authenticated Remote Code execution and sensitive Information disclosure vulnerabilities.
The vendor has patched most affected systems, but warns that there is no patch available for End-of-Life (EOL) systems. At the moment of writing, there Is no Indication of exploitation In the wild.
The vulnerabilities affect multiple underlying services accessed by the PAPI (Aruba's access point management protocol). Therefore the different CVEs created describe the same vulnerability (CVE-2023-22779, CVE-2023-22780, CVE-2023-22781, CVE-2023-22782, CVE-2023-22783, CVE-2023-22784, CVE-2023-22785, CVE-2023-22786).
By sending specially crafted packets destined to the PAPI UDP port (8211), an unauthenticated attacker can execute arbitrary code as a privileged user on the underlying operating system.
The vulnerability exists in a service accessed via the PAPI protocol and results in the ability to interrupt the normal operation of the affected access point.
By exploiting these vulnerabilities, an authenticated attacker can execute arbitrary commands as a privileged user on the underlying operating system. CVEs include: CVE-2023-22788, CVE-2023-22789, CVE-2023-22790.
This vulnerability is complicated to exploit as it has 3 requirements and depends on factors not controlled by the attacker. A specific network configuration and WLAN environment can lead to sensitive information disclosure via the WLAN, if the attacker already possesses valid credentials.
 
The Centre for Cybersecurity Belgium strongly recommends network administrators to patch the identified vulnerable products in their environment and replace any EOL products, after thorough testing. Follow the vendors instructions.
https://nvd.nist.gov/vuln/detail/CVE-2023-22779
https://nvd.nist.gov/vuln/detail/CVE-2023-22787
https://nvd.nist.gov/vuln/detail/CVE-2023-22788
https://nvd.nist.gov/vuln/detail/CVE-2023-22791