Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2021-37721
Vulnerability from cvelistv5
Published
2021-09-07 12:35
Modified
2024-08-04 01:23
Severity ?
EPSS score ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Aruba SD-WAN Software and Gateways; Aruba Operating System Software |
Version: Prior to 8.6.0.4-2.2.0.4 Version: Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:23:01.549Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", vendor: "n/a", versions: [ { status: "affected", version: "Prior to 8.6.0.4-2.2.0.4", }, { status: "affected", version: "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25", }, ], }, ], descriptions: [ { lang: "en", value: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", }, ], problemTypes: [ { descriptions: [ { description: "remote arbitrary command execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-12T11:06:13", orgId: "eb103674-0d28-4225-80f8-39fb86215de0", shortName: "hpe", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-alert@hpe.com", ID: "CVE-2021-37721", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", version: { version_data: [ { version_value: "Prior to 8.6.0.4-2.2.0.4", }, { version_value: "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "remote arbitrary command execution", }, ], }, ], }, references: { reference_data: [ { name: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", refsource: "MISC", url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "eb103674-0d28-4225-80f8-39fb86215de0", assignerShortName: "hpe", cveId: "CVE-2021-37721", datePublished: "2021-09-07T12:35:27", dateReserved: "2021-07-29T00:00:00", dateUpdated: "2024-08-04T01:23:01.549Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.2.0.0\", \"versionEndExcluding\": \"2.2.0.4\", \"matchCriteriaId\": \"E4BAB5F6-D00B-49DA-A9C9-26D19168185B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.4.4.0\", \"versionEndExcluding\": \"6.4.4.25\", \"matchCriteriaId\": \"453F3449-5019-47EB-9376-F8C7EBE5F6CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.5.4.0\", \"versionEndExcluding\": \"6.5.4.20\", \"matchCriteriaId\": \"5F859BC9-85CF-4C03-A651-625CD7C9FDB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.3.0.0\", \"versionEndExcluding\": \"8.3.0.16\", \"matchCriteriaId\": \"CACA5E45-FF52-4596-B261-AE05788A18E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.0.0\", \"versionEndExcluding\": \"8.5.0.13\", \"matchCriteriaId\": \"2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.6.0.0\", \"versionEndExcluding\": \"8.6.0.9\", \"matchCriteriaId\": \"4D6032E8-9480-4323-BD48-B390716D2A28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.7.0.0\", \"versionEndExcluding\": \"8.7.1.4\", \"matchCriteriaId\": \"FB50A0F6-66FC-43CA-AA96-3498EC383052\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBC30055-239F-4BB1-B2D1-E5E35F0D8911\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado una vulnerabilidad de ejecuci\\u00f3n remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad\"}]", id: "CVE-2021-37721", lastModified: "2024-11-21T06:15:48.020", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2021-09-07T13:15:07.773", references: "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf\", \"source\": \"security-alert@hpe.com\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt\", \"source\": \"security-alert@hpe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "security-alert@hpe.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2021-37721\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2021-09-07T13:15:07.773\",\"lastModified\":\"2024-11-21T06:15:48.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0.0\",\"versionEndExcluding\":\"2.2.0.4\",\"matchCriteriaId\":\"E4BAB5F6-D00B-49DA-A9C9-26D19168185B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.4.0\",\"versionEndExcluding\":\"6.4.4.25\",\"matchCriteriaId\":\"453F3449-5019-47EB-9376-F8C7EBE5F6CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.4.0\",\"versionEndExcluding\":\"6.5.4.20\",\"matchCriteriaId\":\"5F859BC9-85CF-4C03-A651-625CD7C9FDB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0.0\",\"versionEndExcluding\":\"8.3.0.16\",\"matchCriteriaId\":\"CACA5E45-FF52-4596-B261-AE05788A18E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0.0\",\"versionEndExcluding\":\"8.5.0.13\",\"matchCriteriaId\":\"2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.6.0.0\",\"versionEndExcluding\":\"8.6.0.9\",\"matchCriteriaId\":\"4D6032E8-9480-4323-BD48-B390716D2A28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0.0\",\"versionEndExcluding\":\"8.7.1.4\",\"matchCriteriaId\":\"FB50A0F6-66FC-43CA-AA96-3498EC383052\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBC30055-239F-4BB1-B2D1-E5E35F0D8911\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
fkie_cve-2021-37721
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:15
Severity ?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
security-alert@hpe.com | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
arubanetworks | sd-wan | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
arubanetworks | arubaos | * | |
siemens | scalance_w1750d_firmware | - | |
siemens | scalance_w1750d | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", matchCriteriaId: "E4BAB5F6-D00B-49DA-A9C9-26D19168185B", versionEndExcluding: "2.2.0.4", versionStartIncluding: "2.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "453F3449-5019-47EB-9376-F8C7EBE5F6CE", versionEndExcluding: "6.4.4.25", versionStartIncluding: "6.4.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "5F859BC9-85CF-4C03-A651-625CD7C9FDB5", versionEndExcluding: "6.5.4.20", versionStartIncluding: "6.5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "CACA5E45-FF52-4596-B261-AE05788A18E4", versionEndExcluding: "8.3.0.16", versionStartIncluding: "8.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "2F42DE58-41F6-4DB3-9EAA-FF8D971CFA6A", versionEndExcluding: "8.5.0.13", versionStartIncluding: "8.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "4D6032E8-9480-4323-BD48-B390716D2A28", versionEndExcluding: "8.6.0.9", versionStartIncluding: "8.6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "FB50A0F6-66FC-43CA-AA96-3498EC383052", versionEndExcluding: "8.7.1.4", versionStartIncluding: "8.7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1D412FC9-835A-4FAB-81B0-4FFB8F48ACA3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", matchCriteriaId: "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de ejecución remota de comandos arbitrarios en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; anteriores a 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba ha publicado parches para Aruba SD-WAN Software and Gateways y ArubaOS que solucionan esta vulnerabilidad de seguridad", }, ], id: "CVE-2021-37721", lastModified: "2024-11-21T06:15:48.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-07T13:15:07.773", references: [ { source: "security-alert@hpe.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, { source: "security-alert@hpe.com", tags: [ "Vendor Advisory", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", }, ], sourceIdentifier: "security-alert@hpe.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2021-37721
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
Aliases
Aliases
{ GSD: { alias: "CVE-2021-37721", description: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", id: "GSD-2021-37721", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-37721", ], details: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", id: "GSD-2021-37721", modified: "2023-12-13T01:23:09.709592Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-alert@hpe.com", ID: "CVE-2021-37721", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", version: { version_data: [ { version_value: "Prior to 8.6.0.4-2.2.0.4", }, { version_value: "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "remote arbitrary command execution", }, ], }, ], }, references: { reference_data: [ { name: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", refsource: "MISC", url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.2.0.4", versionStartIncluding: "2.2.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.4.4.25", versionStartIncluding: "6.4.4.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.5.4.20", versionStartIncluding: "6.5.4.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.3.0.16", versionStartIncluding: "8.3.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.5.0.13", versionStartIncluding: "8.5.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.6.0.9", versionStartIncluding: "8.6.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.7.1.4", versionStartIncluding: "8.7.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:scalance_w1750d_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security-alert@hpe.com", ID: "CVE-2021-37721", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-77", }, ], }, ], }, references: { reference_data: [ { name: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", refsource: "CONFIRM", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, }, }, lastModifiedDate: "2022-04-22T18:49Z", publishedDate: "2021-09-07T13:15Z", }, }, }
ghsa-qx8p-m7p2-h44c
Vulnerability from github
Published
2022-05-24 19:13
Modified
2022-05-24 19:13
Severity ?
Details
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
{ affected: [], aliases: [ "CVE-2021-37721", ], database_specific: { cwe_ids: [ "CWE-77", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2021-09-07T13:15:00Z", severity: "HIGH", }, details: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", id: "GHSA-qx8p-m7p2-h44c", modified: "2022-05-24T19:13:13Z", published: "2022-05-24T19:13:13Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37721", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, { type: "WEB", url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
ICSA-21-287-07
Vulnerability from csaf_cisa
Published
2021-10-12 00:00
Modified
2022-10-11 00:00
Summary
Siemens SCALANCE
Notes
Summary
The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution.
Siemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{ document: { acknowledgments: [ { organization: "Siemens ProductCERT", summary: "reporting these vulnerabilities to CISA.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, notes: [ { category: "summary", text: "The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution.\n\nSiemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "other", text: "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.", title: "Advisory Conversion Disclaimer", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", title: "Recommended Practices", }, { category: "general", text: "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", title: "Recommended Practices", }, { category: "general", text: "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", title: "Recommended Practices", }, { category: "general", text: "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, ], publisher: { category: "other", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-280624.json", }, { category: "self", summary: "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-280624.txt", }, { category: "self", summary: "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, { category: "self", summary: "ICS Advisory ICSA-21-287-07 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-287-07.json", }, { category: "self", summary: "ICS Advisory ICSA-21-287-07 - Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-07", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, ], title: "Siemens SCALANCE", tracking: { current_release_date: "2022-10-11T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-21-287-07", initial_release_date: "2021-10-12T00:00:00.000000Z", revision_history: [ { date: "2021-10-12T00:00:00.000000Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, { date: "2022-10-11T00:00:00.000000Z", legacy_version: "1.1", number: "2", summary: "Updated the affected product table with SCALANCE W1750D version V8.7.1.9", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V8.7.1.3", product: { name: "SCALANCE W1750D", product_id: "CSAFPID-0001", }, }, { category: "product_version_range", name: ">=8.7.1.9", product: { name: "SCALANCE W1750D", product_id: "CSAFPID-0002", }, }, { category: "product_version_range", name: ">=V8.7.1.3_<V8.7.1.9", product: { name: "SCALANCE W1750D", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "SCALANCE W1750D", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2019-5318", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, notes: [ { category: "summary", text: "The web interface for RAPConsole lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to reboot the affected device if the attacker can convince a user to visit a specially-crafted web page.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0002", ], }, { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, ], title: "CVE-2019-5318", }, { cve: "CVE-2021-37716", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "summary", text: "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of devices running ArubaOS. This may potentially allow for denial-of-service attacks and/or remote code execution in the underlying operating system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37716", }, { cve: "CVE-2021-37717", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS web-based management user interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37717", }, { cve: "CVE-2021-37718", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS web-based management user interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37718", }, { cve: "CVE-2021-37719", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37719", }, { cve: "CVE-2021-37720", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37720", }, { cve: "CVE-2021-37721", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37721", }, { cve: "CVE-2021-37722", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37722", }, { cve: "CVE-2021-37723", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. These particular vulnerabilities are only present in instances of the Mobility Conductor. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the Mobility Conductor running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37723", }, { cve: "CVE-2021-37724", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. These particular vulnerabilities are only present in instances of the Mobility Conductor. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the Mobility Conductor running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37724", }, { cve: "CVE-2021-37725", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, notes: [ { category: "summary", text: "A vulnerability in the web-based management interface of ArubaOS could allow an unauthenticated remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in the deletion of arbitrary files with the privilege level of the targeted user.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37725", }, { cve: "CVE-2021-37728", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "summary", text: "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to impact the integrity of critical files on the underlying operating system. This allows an attacker to impact the availability of the ArubaOS instance and may allow for modification of sensitive data.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37728", }, { cve: "CVE-2021-37729", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "summary", text: "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to impact the integrity of critical files on the underlying operating system. This allows an attacker to impact the availability of the ArubaOS instance and may allow for modification of sensitive data.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37729", }, { cve: "CVE-2021-37731", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "summary", text: "An authenticated local path traversal vulnerability exists in the ArubaOS web-based management interface and CLI. This vulnerability only affects physical hardware controllers such as the 9000 series and 7x00 series. Successful exploitation of this vulnerability requires physical access to the controller and results in the ability to impact the integrity and confidentiality of critical files on the underlying operating system. This allows an attacker to impact the availability of the ArubaOS instance and may allow for modification or disclosure of sensitive data.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37731", }, { cve: "CVE-2021-37733", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "summary", text: "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37733", }, ], }
icsa-21-287-07
Vulnerability from csaf_cisa
Published
2021-10-12 00:00
Modified
2022-10-11 00:00
Summary
Siemens SCALANCE
Notes
Summary
The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution.
Siemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{ document: { acknowledgments: [ { organization: "Siemens ProductCERT", summary: "reporting these vulnerabilities to CISA.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, notes: [ { category: "summary", text: "The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution.\n\nSiemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "other", text: "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.", title: "Advisory Conversion Disclaimer", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", title: "Recommended Practices", }, { category: "general", text: "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", title: "Recommended Practices", }, { category: "general", text: "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", title: "Recommended Practices", }, { category: "general", text: "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, ], publisher: { category: "other", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-280624.json", }, { category: "self", summary: "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-280624.txt", }, { category: "self", summary: "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf", }, { category: "self", summary: "ICS Advisory ICSA-21-287-07 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-287-07.json", }, { category: "self", summary: "ICS Advisory ICSA-21-287-07 - Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-07", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, ], title: "Siemens SCALANCE", tracking: { current_release_date: "2022-10-11T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-21-287-07", initial_release_date: "2021-10-12T00:00:00.000000Z", revision_history: [ { date: "2021-10-12T00:00:00.000000Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, { date: "2022-10-11T00:00:00.000000Z", legacy_version: "1.1", number: "2", summary: "Updated the affected product table with SCALANCE W1750D version V8.7.1.9", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V8.7.1.3", product: { name: "SCALANCE W1750D", product_id: "CSAFPID-0001", }, }, { category: "product_version_range", name: ">=8.7.1.9", product: { name: "SCALANCE W1750D", product_id: "CSAFPID-0002", }, }, { category: "product_version_range", name: ">=V8.7.1.3_<V8.7.1.9", product: { name: "SCALANCE W1750D", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "SCALANCE W1750D", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2019-5318", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, notes: [ { category: "summary", text: "The web interface for RAPConsole lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to reboot the affected device if the attacker can convince a user to visit a specially-crafted web page.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0002", ], }, { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", ], }, ], title: "CVE-2019-5318", }, { cve: "CVE-2021-37716", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "summary", text: "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of devices running ArubaOS. This may potentially allow for denial-of-service attacks and/or remote code execution in the underlying operating system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37716", }, { cve: "CVE-2021-37717", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS web-based management user interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37717", }, { cve: "CVE-2021-37718", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS web-based management user interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37718", }, { cve: "CVE-2021-37719", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37719", }, { cve: "CVE-2021-37720", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37720", }, { cve: "CVE-2021-37721", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37721", }, { cve: "CVE-2021-37722", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37722", }, { cve: "CVE-2021-37723", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. These particular vulnerabilities are only present in instances of the Mobility Conductor. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the Mobility Conductor running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37723", }, { cve: "CVE-2021-37724", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. These particular vulnerabilities are only present in instances of the Mobility Conductor. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the Mobility Conductor running ArubaOS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37724", }, { cve: "CVE-2021-37725", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, notes: [ { category: "summary", text: "A vulnerability in the web-based management interface of ArubaOS could allow an unauthenticated remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in the deletion of arbitrary files with the privilege level of the targeted user.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37725", }, { cve: "CVE-2021-37728", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "summary", text: "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to impact the integrity of critical files on the underlying operating system. This allows an attacker to impact the availability of the ArubaOS instance and may allow for modification of sensitive data.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0003", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "vendor_fix", details: "Update to V8.7.1.9 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109813747/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0003", ], }, ], title: "CVE-2021-37728", }, { cve: "CVE-2021-37729", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "summary", text: "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to impact the integrity of critical files on the underlying operating system. This allows an attacker to impact the availability of the ArubaOS instance and may allow for modification of sensitive data.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37729", }, { cve: "CVE-2021-37731", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "summary", text: "An authenticated local path traversal vulnerability exists in the ArubaOS web-based management interface and CLI. This vulnerability only affects physical hardware controllers such as the 9000 series and 7x00 series. Successful exploitation of this vulnerability requires physical access to the controller and results in the ability to impact the integrity and confidentiality of critical files on the underlying operating system. This allows an attacker to impact the availability of the ArubaOS instance and may allow for modification or disclosure of sensitive data.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37731", }, { cve: "CVE-2021-37733", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "summary", text: "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V8.7.1.3 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109802805/", }, { category: "workaround", details: "Block access to the ArubaOS Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the ArubaOS web-based management interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Block access to the Mobility Conductor Command Line Interface from all untrusted users", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance", product_ids: [ "CSAFPID-0001", ], }, { category: "workaround", details: "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-37733", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.