HPE Aruba Networking has issued a security advisory addressing multiple command injection vulnerabilities in its 501 Wireless Client Bridge. These flaws, tracked as CVE-2024-54006 and CVE-2024-54007, could allow authenticated attackers to execute arbitrary commands on affected devices.
“Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution,” states the advisory. “Successful exploitation of these vulnerabilities results in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system.”
The vulnerabilities were discovered by Nicholas Starke of HPE Aruba Networking SIRT and independent security researcher Hosein Vita. Vita has also publicly released a proof-of-concept exploit for one of the vulnerabilities, increasing the urgency for users to apply the available patches.
While exploitation requires administrative credentials, the impact of a successful attack could be severe. Because the flaws sit behind authentication, the practical barrier is only as strong as the administrator credentials protecting the web interface; weak, shared, or reused admin passwords reduce this to a one-step attack. Attackers could gain complete control of the device, potentially disrupting network services, stealing sensitive data, or using the compromised bridge as a pivot point for further attacks within the network.
To address these vulnerabilities, HPE Aruba Networking has released software version V2.1.2.0-B0033 for the 501 Wireless Client Bridge. Users are strongly advised to upgrade to this version as soon as possible.
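For fleets of bridges, "are we on the fixed build?" is a question best answered from an inventory export rather than by logging into each device. The following is an added example, not code from HPE Aruba or the advisory. It parses version strings that follow the `V2.1.2.0-B0033` pattern quoted above, compares them numerically (so that build numbers of differing padding are ordered correctly, unlike a plain string comparison), and flags every device that is below the fixed version or whose version cannot be parsed. The inventory rows, hostnames, and IPs are constructed sample data; the ordering rule (dotted release first, `B` build number as tiebreaker) is an assumption about how HPE Aruba orders builds.

```python
import re

# Fixed version named in the advisory for the 501 Wireless Client Bridge.
FIXED_VERSION = "V2.1.2.0-B0033"

# Accepts "V2.1.2.0-B0033", "2.1.2.0-B0033", or "V2.1.2" (build defaults to 0).
_VERSION_RE = re.compile(r"^V?(\d+(?:\.\d+)*)(?:-B(\d+))?$")


def parse_version(v: str):
    """Turn 'V2.1.2.0-B0033' into ((2, 1, 2, 0), 33).

    Numeric parsing matters: comparing the raw strings would order
    'B0100' before 'B99' the wrong way round if the padding differs.
    Unrecognised strings raise ValueError so they are never silently
    treated as 'fixed'.
    """
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    release = tuple(int(x) for x in m.group(1).split("."))
    build = int(m.group(2)) if m.group(2) is not None else 0
    return release, build


def _pad(parts, n):
    # Pad the dotted release so '2.1.3' compares against '2.1.2.0' as '2.1.3.0'.
    return parts + (0,) * (n - len(parts))


def is_fixed(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `version` is at or above the fixed release (assumed ordering:
    dotted release first, then the B build number as a tiebreaker)."""
    (rel, build), (frel, fbuild) = parse_version(version), parse_version(fixed)
    n = max(len(rel), len(frel))
    return (_pad(rel, n), build) >= (_pad(frel, n), fbuild)


# Constructed inventory export (sample data, not from the advisory):
# hostname,management_ip,firmware
INVENTORY = """\
bridge-lab-01,10.20.30.5,V2.1.2.0-B0033
bridge-floor2,10.20.30.6,V2.1.1.0-B0020
bridge-wh-01,10.20.30.7,V2.1.2.0-B0031
bridge-wh-02,10.20.30.8,2.1.2.0-B0040
bridge-dock,10.20.30.9,unknown
"""


def devices_needing_upgrade(csv_text: str):
    """Return (hostname, ip, firmware, reason) for each device not known to be fixed.

    Devices whose version string cannot be parsed are reported for manual
    verification rather than dropped, so a bad export never hides a
    vulnerable unit.
    """
    findings = []
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, ip, fw = (field.strip() for field in line.split(",", 2))
        try:
            if not is_fixed(fw):
                findings.append((host, ip, fw, "below fixed version"))
        except ValueError:
            findings.append((host, ip, fw, "unparseable version, verify manually"))
    return findings


if __name__ == "__main__":
    for host, ip, fw, reason in devices_needing_upgrade(INVENTORY):
        print(f"{host:<15} {ip:<12} {fw:<16} {reason}")
```

Run against a real export, the same two-column check applies: anything not at or above the fixed build, and anything the parser refuses, goes on the upgrade list.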
As a temporary mitigation, HPE Aruba Networking recommends restricting access to the device’s management interfaces: “To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.”