Aruba Networks Points Safety Advisory for Six Important Flaws in ArubaOS – Router Change Weblog

March 3, 2023

2

Aruba Networks, a subsidiary of Hewlett Packard Enterprise, has just lately launched a safety advisory to tell its prospects about six critical-severity vulnerabilities impacting a number of variations of ArubaOS, its proprietary community working system. The affected gadgets embrace Aruba Mobility Conductor, Aruba Mobility Controllers, and Aruba-managed WLAN Gateways and SD-WAN Gateways.

The vital flaws addressed by Aruba Networks might be separated into two classes: command injection flaws and stack-based buffer overflow issues within the PAPI protocol. The command injection vulnerabilities are tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750, with a CVSS v3 ranking of 9.8 out of 10.0. An unauthenticated, distant attacker can leverage them by sending specifically crafted packets to the PAPI over UDP port 8211, leading to arbitrary code execution as a privileged person on ArubaOS.

The stack-based buffer overflow bugs are tracked as CVE-2023-22751 and CVE-2023-22752 and still have a CVSS v3 ranking of 9.8. These flaws are exploitable by sending specifically crafted packets to the PAPI over UDP port 8211, permitting unauthenticated, distant attackers to run arbitrary code as privileged customers on ArubaOS.

The influence of those vulnerabilities is important, as ArubaOS is a well-liked community working system utilized by many enterprises. The affected variations are ArubaOS 8.6.0.19 and under, ArubaOS 8.10.0.4 and under, ArubaOS 10.3.1.0 and under, and SD-WAN 8.7.0.0-2.3.0.8 and under.

Aruba has suggested customers to improve to the goal improve variations to mitigate the vulnerabilities. The goal variations for the completely different programs are as follows:

ArubaOS 8.10.0.5 and above
ArubaOS 8.11.0.0 and above
ArubaOS 10.3.1.1 and above
SD-WAN 8.7.0.0-2.3.0.9 and above

Nevertheless, you will need to be aware that a number of product variations which have reached Finish of Life (EoL) are additionally affected by these vulnerabilities and won’t obtain a fixing replace. These embrace ArubaOS 6.5.4.x, ArubaOS 8.7.x.x, ArubaOS 8.8.x.x, ArubaOS 8.9.x.x, and SD-WAN 8.6.0.4-2.2.x.x. System directors who can’t apply the safety updates or are utilizing EoL gadgets can allow the “Enhanced PAPI Safety” mode utilizing a non-default key as a workaround.

It is usually price noting that making use of the mitigations doesn’t tackle one other 15 high-severity and eight medium-severity vulnerabilities listed in Aruba’s safety advisory, that are mounted by the brand new variations.

Aruba has said that it’s unaware of any public dialogue, exploit code, or energetic exploitation of those vulnerabilities as of the discharge date of the advisory, February 28, 2022. Nevertheless, given the severity of the vulnerabilities, it is necessary for enterprises to take immediate motion to improve their programs or implement the really helpful mitigations to keep away from potential assaults that might result in information breaches and different safety incidents.

Regardless of the latest safety advisory, Aruba Networks stays a number one supplier of cutting-edge networking services and products which can be designed to satisfy the distinctive wants of in the present day’s companies. Let’s discover a few of their key merchandise with ArubaOS.

HPE JZ320A – Aruba AP303 Entry Level

JZ320A is the Aruba AP-303 (RW) Twin 2×2:2 MU-MIMO Radio Inside Antennas Unified Campus AP. The inexpensive mid-range Aruba 303 Collection campus entry level delivers excessive efficiency 802.11ac with MU-MIMO (Wave 2) for medium density enterprise environments. With the built-in BLE and supporting 802.3af energy, the Aruba 303 Collection AP allows enterprises to enhance their work effectivity and productiveness with the bottom TCO.

JZ320A Specification
Product Title	Aruba AP-303 (RW) Twin 2×2:2 MU-MIMO Radio Inside Antennas Unified Campus AP
Producer Half Quantity	JZ320A
Product Collection	303
Product Mannequin	AP-303
Product Kind	Wi-fi Entry Level
Technical Info
Wi-fi LAN Commonplace	IEEE 802.11ac
Frequency Band	5 GHz 2.40 GHz
Whole Variety of Antennas	2
Variety of Inside Antennas	2
Wi-fi Transmission Velocity	1.20 Gbit/s
MIMO Expertise	Sure
Beamforming Expertise	Sure
Interfaces/Ports
Ethernet Expertise	Gigabit Ethernet
Variety of Community (RJ-45) Ports	1
PoE PD Port	Sure
VGA	No
HDMI	No
USB	Sure
Powerline	No
Administration Port	Sure
Bodily Traits
Kind Issue	Ceiling Mountable Wall Mountable
Peak	1.4″
Width	5.9″
Depth	5.9″
Guarantee
Restricted Guarantee	Lifetime
Miscellaneous
Environmentally Pleasant	Sure
Environmental Certification	cTUVus

HPE Q9H57A – Aruba AP514 Entry Level

The 510 collection makes use of 802.11ax options to effectively and concurrently serve a number of purchasers and site visitors sorts in dense environments, rising information charges for each particular person system and general system.

Q9H57A Specification
Ports	(1) HPE SmartRate RJ-45 port (most negotiated pace 2.5Gbps), (1) 10/100/1000BASE-T Ethernet
Mounting	Pre-installed mounting bracket, to be used with non-obligatory mounting package
Enter voltage	PoE/PoE+ or direct DC energy (by way of non-obligatory energy provide)
Energy Consumption	POE powered (802.3at): 19W (802.3at PoE), 13.5W (802.3af PoE), 17 W (DC energy provide)
Wi-Fi antenna	4 RP-SMA connectors for exterior dual-band antennas.
Radio protection	Twin-radio IEEE 802.11ax entry level with OFDMA and Multi-Consumer MIMO (MU-MIMO). Helps as much as 4.8 Gbps within the 5GHz band (with 4SS/HE160 purchasers) and as much as 575 Mbps within the 2.4GHz band (with 2SS/ HE40 purchasers).
Product Dimensions (imperial)	1.8 x 7.9 x 7.9 in

JW743A – HPE Aruba 7200 Collection Controllers

JW743A specification
Machine Kind	Community administration system
Kind Issue	Rack-mountable – 1U
Knowledge Hyperlink Protocol	Ethernet, Quick Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet
Efficiency	Firewall throughput: 20 Gbps
Capability	Most variety of entry factors: 512 / Concurrent gadgets: 16384 / Digital interfaces (VLANs): 4094 / Concurrent GRE tunnels: 8192 / Most RAPs: 512 / Concurrent tunneled ports: 8192 / Concurrent IPSec classes: 16384 / Concurrent SSL fallback classes: 8192 / Lively firewall classes: 2015291
Energy	AC 120/230 V (50/60 Hz)
Energy Redundancy	Sure
Dimensions (WxDxH)	17.5 in x 17.5 in x 1.7 in

JL376A Change

The Aruba 8400 Change Collection is a core and aggregation change answer with an revolutionary and highly effective method to coping with the brand new functions, safety and scalability calls for of the cell, cloud and IoT period.

JL376A Specification
Interfaces/Ports
Uplink Port	No
Modular	Sure
Stack Port	Sure
Media & Efficiency
Media Kind Supported	Optical Fiber
Ethernet Expertise	10 Gigabit Ethernet, 40 Gigabit Ethernet, 100 Gigabit Ethernet
Community Expertise	10GBase-X, 40GBase-X, 100GBase-X
I/O Expansions
Variety of Whole Growth Slots	8
Community & Communication
Layer Supported	3
Administration & Protocols
Manageable	Sure
Energy Description
Energy Supply	Energy Provide
Redundant Energy Provide Supported	Sure
Bodily Traits
Suitable Rack Unit	8U
Kind Issue	Rack-mountable, Rail-mountable, Floor Mount
Peak	13.8″
Width	17.4″
Depth	26″

Are you curious about these merchandise? Welcome to study particulars and test the worth on Router-switch.com, and please be at liberty to test the the datasheets there.

Do you have got any query concerning the worth?

Contact us now by way of Dwell Chat or gross sales@router-switch.com. Simply take pleasure in as much as 5% off to get the brand new factory-sealed Aruba merchandise!