Warning: two high vulnerabilities in HPE Aruba networking products can be exploited for authenticated remote code execution

Published: 10/01/2025

Reference:
Advisory #2025-009

Version:
1.0

Affected software:
HPE Aruba Networking 501 Wireless Client Bridge

Type:
Remote code execution

CVE/CVSS:
CVE-2024-54006: CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
CVE-2024-54007: CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

Sources

https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04763.txt
 

Risks

On 7 January 2025, HPE Aruba Networking addressed two vulnerabilities in the web interface of the 501 Wireless Client Bridge. CVE-2024-54006 and CVE-2024-54007 are both command injection vulnerabilities that could be exploited to perform authenticated remote code execution.
There is no information on active exploitation at this time (cut-off date: 10 January 2025).
Exploitation of these vulnerabilities can have a high impact on confidentiality and integrity, and no impact on availability.
 

Description

Both CVE-2024-54006 and CVE-2024-54007 are command injection vulnerabilities in the web interface of HPE Aruba Networking’s 501 Wireless Client Bridge. Successful exploitation of these vulnerabilities could enable an authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.
Exploitation of either vulnerability requires administrative authentication credentials on the host system.
 

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
HPE Aruba Networking recommends updating to V2.1.2.0-B0033 and above.
 
Please note that, to minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.
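The fixed release above is the only version string the advisory gives, so a quick way to triage an inventory of 501 bridges is to compare each reported firmware version against it. The script below is an added example, not HPE Aruba Networking's or the CCB's code; it assumes the firmware string always has the layout V<a>.<b>.<c>.<d>-B<build> seen in the advisory, and the hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import NamedTuple, Optional

# Fixed release named in HPE Aruba Networking advisory HPESBNW04763 (from the page).
FIXED_VERSION = "V2.1.2.0-B0033"

# Assumed layout: V<a>.<b>.<c>.<d>-B<build>. The single example on the page fits
# this pattern, but the split into fields is an assumption, not HPE's documented spec.
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)\.(\d+)-B(\d+)$")


class Version(NamedTuple):
    release: tuple  # (a, b, c, d) compared lexicographically
    build: int      # compared only when the release fields are equal


def parse_version(text: str) -> Optional[Version]:
    """Parse a 501 bridge firmware string; return None when it does not match."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    a, b, c, d, build = (int(g) for g in m.groups())
    return Version((a, b, c, d), build)


def is_fixed(installed: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if installed >= fixed, False if older, None if unparseable.

    Unknown strings return None so they surface as 'needs manual review'
    rather than silently passing or failing the check.
    """
    inst, fix = parse_version(installed), parse_version(fixed)
    if inst is None or fix is None:
        return None
    return inst >= fix  # NamedTuple order: release tuple first, then build


def triage(inventory: dict) -> dict:
    """Map each device to 'patched', 'vulnerable' or 'review'."""
    labels = {True: "patched", False: "vulnerable", None: "review"}
    return {host: labels[is_fixed(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = {
    "bridge-01": "V2.1.2.0-B0033",   # exactly the fixed build
    "bridge-02": "V2.1.2.0-B0030",   # same release, older build
    "bridge-03": "V2.1.3.0-B0001",   # newer release, low build number
    "bridge-04": "V2.0.9.1-B0120",   # older release, high build number
    "bridge-05": "unknown",          # device did not report a parseable version
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```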
 
Monitor/Detect
The CCB recommends that organizations scale up monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://notif.safeonweb.be/.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
