CVE-2017-8946: HPE Aruba AirWave Glass Product Remote Code Execution Vulnerability

The AirWave network management platform provides visibility into wired and wireless networks, supporting mobile devices and applications. HPE Aruba has provided AirWave Glass upgrade version 1.0.1-1, and NSFOCUS released the HPE Aruba AirWave Glass Remote Code Implementation Vulnerability Threat Announcement.

HPE Aruba AirWave Glass Remote Code Execution Vulnerability Threat Announcement

Local time on May 24, 2017 , HP official release of the security notice, disclosed a HPE Aruba AirWave Glass products exist on the implementation of remote code loopholes, CVE number CVE-2017-8946, CVSS ratings are as follows:

For this security issue, HP official has released a new version, the official website is as follows:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03751en_us

HPE Aruba AirWave network management

The AirWave network management platform provides visibility into wired and wireless networks, supporting mobile devices and applications. AirWave proactively monitors the status and performance of all connections and gives IT staff the information they need to support digital workplaces.

Sphere of influence

Affected versions Aruba Airwave Software Glass Version v1.0.0 and 1.0.1

Note: Only AirWave Glass is affected and the standard AirWave is not affected

Unaffected version of Aruba AirWave Glass version 1.0.1-1

How to prevent

HPE Aruba has provided the new AirWave Glass version 1.0.1-1. Users can download new OVA files at https://support.arubanetworks.com or upgrade them at the product’s administrator interface .

Because the vulnerability is very difficult to detect, it is strongly recommended that the affected user download the new file to reinstall the product to protect the vulnerability.

Reference link:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03751en_us