PT-2020-15786 · Gnu+1 · Grub2+4
Published: 2020-12-11 · Updated: 2021-11-18
CVE-2020-24637
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Aruba 9000 Gateway versions 2.1.0.1 through 2.2.0.0 and below
Aruba 7000 Series Mobility Controllers versions 6.4.4.23 through 8.7.0.0 and below
Aruba 7200 Series Mobility Controllers versions 6.4.4.23 through 8.7.0.0 and below
Description
Two vulnerabilities in the ArubaOS GRUB2 implementation allow an attacker to bypass Secure Boot, potentially leading to remote compromise of system integrity by loading an untrusted or modified kernel.
Recommendations
For Aruba 9000 Gateway versions 2.1.0.1 through 2.2.0.0 and below, update to a version above 2.2.0.0 to resolve the issue.
For Aruba 7000 Series Mobility Controllers versions 6.4.4.23 through 8.7.0.0 and below, update to a version above 8.7.0.0 to resolve the issue.
For Aruba 7200 Series Mobility Controllers versions 6.4.4.23 through 8.7.0.0 and below, update to a version above 8.7.0.0 to resolve the issue.
As a temporary workaround, consider disabling the GRUB2 implementation until a patch is available.
Fix
Related Identifiers
Affected Products
Aruba 7000 Series Mobility Controllers
Aruba 7200 Series Mobility Controllers
Aruba 9000 Gateway
ArubaOS
GRUB2