SSA-280624
Vulnerability from csaf_siemens - Published: 2021-10-12 00:00 - Updated: 2022-10-11 00:00Summary
SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D
Notes
Summary
The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution.
Siemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution.\n\nSiemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf"
},
{
"category": "self",
"summary": "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-280624.txt"
},
{
"category": "self",
"summary": "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-280624.json"
}
],
"title": "SSA-280624: Multiple Vulnerabilities in SCALANCE W1750D",
"tracking": {
"current_release_date": "2022-10-11T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-280624",
"initial_release_date": "2021-10-12T00:00:00Z",
"revision_history": [
{
"date": "2021-10-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-10-11T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated the affected product table with SCALANCE W1750D version V8.7.1.9"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V8.7.1.3",
"product": {
"name": "SCALANCE W1750D",
"product_id": "1"
}
},
{
"category": "product_version_range",
"name": "\u003e= 8.7.1.9",
"product": {
"name": "SCALANCE W1750D",
"product_id": "2"
}
},
{
"category": "product_version_range",
"name": "\u003e= V8.7.1.3 \u003c V8.7.1.9",
"product": {
"name": "SCALANCE W1750D",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SCALANCE W1750D"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5318",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "summary",
"text": "The web interface for RAPConsole lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to reboot the affected device if the attacker can convince a user to visit a specially-crafted web page.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "vendor_fix",
"details": "Update to V8.7.1.9 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813747/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1",
"2",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1",
"2",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1",
"2",
"3"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1",
"2",
"3"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1",
"2",
"3"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1",
"2",
"3"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1",
"2",
"3"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2019-5318"
},
{
"cve": "CVE-2021-37716",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of devices running ArubaOS. This may potentially allow for denial-of-service attacks and/or remote code execution in the underlying operating system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37716"
},
{
"cve": "CVE-2021-37717",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Authenticated command injection vulnerabilities exist in the ArubaOS web-based management user interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "vendor_fix",
"details": "Update to V8.7.1.9 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813747/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1",
"3"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"3"
]
}
],
"title": "CVE-2021-37717"
},
{
"cve": "CVE-2021-37718",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Authenticated command injection vulnerabilities exist in the ArubaOS web-based management user interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "vendor_fix",
"details": "Update to V8.7.1.9 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813747/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1",
"3"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"3"
]
}
],
"title": "CVE-2021-37718"
},
{
"cve": "CVE-2021-37719",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "vendor_fix",
"details": "Update to V8.7.1.9 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813747/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1",
"3"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"3"
]
}
],
"title": "CVE-2021-37719"
},
{
"cve": "CVE-2021-37720",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "vendor_fix",
"details": "Update to V8.7.1.9 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813747/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1",
"3"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"3"
]
}
],
"title": "CVE-2021-37720"
},
{
"cve": "CVE-2021-37721",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "vendor_fix",
"details": "Update to V8.7.1.9 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813747/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1",
"3"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"3"
]
}
],
"title": "CVE-2021-37721"
},
{
"cve": "CVE-2021-37722",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "vendor_fix",
"details": "Update to V8.7.1.9 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813747/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1",
"3"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"3"
]
}
],
"title": "CVE-2021-37722"
},
{
"cve": "CVE-2021-37723",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. These particular vulnerabilities are only present in instances of the Mobility Conductor. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the Mobility Conductor running ArubaOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37723"
},
{
"cve": "CVE-2021-37724",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. These particular vulnerabilities are only present in instances of the Mobility Conductor. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the Mobility Conductor running ArubaOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37724"
},
{
"cve": "CVE-2021-37725",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability in the web-based management interface of ArubaOS could allow an unauthenticated remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in the deletion of arbitrary files with the privilege level of the targeted user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37725"
},
{
"cve": "CVE-2021-37728",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to impact the integrity of critical files on the underlying operating system. This allows an attacker to impact the availability of the ArubaOS instance and may allow for modification of sensitive data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "vendor_fix",
"details": "Update to V8.7.1.9 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813747/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1",
"3"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1",
"3"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"3"
]
}
],
"title": "CVE-2021-37728"
},
{
"cve": "CVE-2021-37729",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to impact the integrity of critical files on the underlying operating system. This allows an attacker to impact the availability of the ArubaOS instance and may allow for modification of sensitive data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37729"
},
{
"cve": "CVE-2021-37731",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "An authenticated local path traversal vulnerability exists in the ArubaOS web-based management interface and CLI. This vulnerability only affects physical hardware controllers such as the 9000 series and 7x00 series. Successful exploitation of this vulnerability requires physical access to the controller and results in the ability to impact the integrity and confidentiality of critical files on the underlying operating system. This allows an attacker to impact the availability of the ArubaOS instance and may allow for modification or disclosure of sensitive data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37731"
},
{
"cve": "CVE-2021-37733",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.7.1.3 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109802805/"
},
{
"category": "workaround",
"details": "Block access to the ArubaOS Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the ArubaOS web-based management interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Block access to the Mobility Conductor Command Line Interface from all untrusted users",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance",
"product_ids": [
"1"
]
},
{
"category": "workaround",
"details": "The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at \nhttps://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37733"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…