Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: two high vulnerabilities in HPE Aruba networking products can be exploited for authenticated remote code execution
Image
Published : 10/01/2025
Reference:
Advisory #2025-009
Version:
1.0
Affected software:
HPE Aruba Networking 501 Wireless Client Bridge
Type:
Remote code execution
CVE/CVSS:
CVE-2024-54006: CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
CVE-2024-54007: CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Sources
https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04763.txt
Risks
On 7 January 2025, HPE Aruba Networking addressed two vulnerabilities in the web interface of 501 Wireless Client Bridge. CVE-2024-54006 and CVE-2024-54007 are both command injection vulnerabilities which could be exploited to perform authenticated remote code execution.
There is no information as to active exploitation at this time (cut-off date: 10 January 2025).
Exploitation of these vulnerabilities can have a high impact on confidentiality and integrity, and no impact on availability.
Description
Both CVE-2024-54006 and CVE-2024-54007 are command injection vulnerabilities existing in the web interface of HPE Aruba Networking’s 501 Wireless Client Bridge. Successful exploitation of these vulnerabilities could enable an authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.
Exploitation of either vulnerability requires administrative authentication credentials on the host system.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
HPE Aruba Networking recommends updating to V2.1.2.0-B0033 and above.
Please note that, to minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://notif.safeonweb.be/.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04763.txt