SB2024052937 - Multiple vulnerabilities in Aruba Access Points
Published: May 29, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2023-45614)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the underlying CLI service. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Buffer overflow (CVE-ID: CVE-2023-45615)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the underlying CLI service. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2023-45616)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the underlying AirWave client service. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Input validation error (CVE-ID: CVE-2023-45617)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the CLI service accessed by PAPI. A remote attacker can pass specially crafted input to the application and delete arbitrary files on the underlying operating system.
5) Input validation error (CVE-ID: CVE-2023-45618)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the in the AirWave client service accessed by PAPI. A remote attacker can pass specially crafted input to the application and delete arbitrary files on the underlying operating system.
6) Input validation error (CVE-ID: CVE-2023-45619)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the RSSI service accessed by PAPI. A remote attacker can pass specially crafted input to the application and delete arbitrary files on the underlying operating system.
7) Input validation error (CVE-ID: CVE-2023-45620)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CLI service accessed via the PAPI protocol. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2023-45621)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CLI service accessed via the PAPI protocol. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2023-45622)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the BLE daemon service accessed via the PAPI protocol. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2023-45623)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Wi-Fi Uplink service accessed via the PAPI protocol. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2023-45624)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the soft ap daemon accessed via the PAPI protocol. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
12) Command Injection (CVE-ID: CVE-2023-45625)
The vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the command line interface. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Input validation error (CVE-ID: CVE-2023-45626)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote administrator can pass specially crafted input to the application and execute arbitrary code on the target system.
14) Input validation error (CVE-ID: CVE-2023-45627)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CLI service. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.