Aruba Product Security Advisory
===============================
Advisory ID: ARUBA-PSA-2022-005
CVE: CVE-2021-41004, CVE-2021-41005
Publication Date: 2022-Apr-05
Status: Confirmed
Severity: High
Revision: 1
Title
=====
Aruba Instant On Switch Denial of Service Vulnerabilities
Overview
========
Aruba has discovered two Denial of Service vulnerabilities in Aruba Instant
On 1930 Switches. CVE-2021-41005 requires authentication to be exploited and
CVE-2021-41004 can be exploited without supplying any authentication
information.
Affected Products
=================
-- Aruba Instant On 1930 switches firmware versions 1.0.7.0 and below when
managed through the local web interface.
Unaffected Products
===================
-- All other Aruba Switches and all Aruba Access Points
-- Instant On 1930 Switches when managed through cloud-based mobile app and
web portal.
Details
=======
Two Denial of Service vulnerabilities were discovered in Aruba Instant On 1930
Switches. These vulnerabilities can be exploited to cause the switch to reboot.
CVE-2021-41004 does not require authentication credentials to exploit the
Denial of Service condition. CVE-2021-41005 requires authentication in order to
be successfully exploited.
These vulnerabilities only affect locally managed switches; cloud-managed
switches are not affected.
Unauthenticated Denial of Service (CVE-2021-41004)
Internal references: ASIRT-881
Severity: High
CVSSv3 Overall Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Authenticated Denial of Service (CVE-2021-41005)
Internal references: ASIRT-882
Severity: Medium
CVSSv3 Overall Score: 6.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Resolution
==========
Upgrading to version 2.5.0.42 or above addresses both of these vulnerabilities.
Firmware can be manually updated with the download from here:
https://community.arubaInstantOn.com/browse/blogs/blogviewer?blogkey=8aac4e14-50d9-4991-8c72-602a4d87768d
Exploitation and Public Discussion
==================================
Aruba is not aware of any public proof of concept code.
Workaround and Mitigations
==========================
To further minimize the likelihood of an attacker exploiting these vulnerabilities,
Aruba recommends that the web-based management interface for Aruba Instant On
switches be restricted to a dedicated layer 2 segment/VLAN and/or controlled by
firewall policies at layer 3 and above.
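As an added illustration (not Aruba's code) of how an operator might triage an inventory against the thresholds stated in the Affected Products and Resolution sections above: the advisory names 1.0.7.0 and below as affected when locally web-managed, 2.5.0.42 or above as fixed, and cloud-managed switches as unaffected; versions in between are not addressed by the advisory, so the helper reports them as unstated rather than assuming they are safe. Switch names, versions and the inventory format are constructed for the example.

```python
"""Classify Aruba Instant On 1930 firmware versions against ARUBA-PSA-2022-005.

Added example, not Aruba's code. Thresholds come from the advisory text;
the inventory below is constructed sample data.
"""
from __future__ import annotations

# Thresholds taken directly from the advisory.
LAST_AFFECTED = "1.0.7.0"   # "1.0.7.0 and below" is affected
FIRST_FIXED = "2.5.0.42"    # "2.5.0.42 or above" addresses both CVEs


def parse_version(ver: str) -> tuple[int, ...]:
    """Turn a dotted firmware string such as '2.5.0.42' into a comparable tuple."""
    parts = ver.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {ver!r}")
    return tuple(int(p) for p in parts)


def classify(firmware: str, local_web_managed: bool) -> str:
    """Return 'not_applicable', 'affected', 'fixed' or 'unstated'.

    Cloud-managed switches (mobile app / web portal) are out of scope per the
    advisory regardless of version. Versions between the last affected and
    first fixed release are not covered by the advisory, hence 'unstated'.
    """
    if not local_web_managed:
        return "not_applicable"
    v = parse_version(firmware)
    if v <= parse_version(LAST_AFFECTED):
        return "affected"
    if v >= parse_version(FIRST_FIXED):
        return "fixed"
    return "unstated"


def triage(inventory: list[dict]) -> dict[str, list[str]]:
    """Group switches by status so the 'affected' list can be prioritised."""
    groups: dict[str, list[str]] = {}
    for sw in inventory:
        status = classify(sw["firmware"], sw["local_web_managed"])
        groups.setdefault(status, []).append(sw["name"])
    return groups


# Constructed sample inventory; names and versions are illustrative only.
SAMPLE_INVENTORY = [
    {"name": "sw-floor1", "firmware": "1.0.7.0", "local_web_managed": True},
    {"name": "sw-floor2", "firmware": "1.0.10.0", "local_web_managed": True},
    {"name": "sw-lab", "firmware": "2.5.0.42", "local_web_managed": True},
    {"name": "sw-branch", "firmware": "1.0.3.0", "local_web_managed": False},
]

if __name__ == "__main__":
    for status, names in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(names)}")
```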
Discovery
=========
These vulnerabilities were discovered by Nicholas Starke of Aruba Threat Labs.
Revision History
================
Revision 1 / 2022-Apr-05 / Initial release
Aruba SIRT Security Procedures
==============================
To receive Security Advisory updates, subscribe to notifications at
https://sirt.arubanetworks.com/mailman/listinfo/security-alerts_sirt.arubanetworks.com
Complete information on reporting security vulnerabilities in
Aruba Networks products and obtaining assistance with security
incidents is available at:
https://www.arubanetworks.com/support-services/security-bulletins/
For reporting *NEW* Aruba Networks security issues, email can
be sent to aruba-sirt(at)hpe.com. For sensitive information we
encourage the use of PGP encryption. Our public keys can be found
at:
https://www.arubanetworks.com/support-services/security-bulletins/
(c) Copyright 2022 by Aruba, a Hewlett Packard Enterprise
company. This advisory may be redistributed freely after the
release date given at the top of the text, provided that the
redistributed copies are complete and unmodified, including all
data and version information.
------------------------------
Aruba Instant On Communications
------------------------------