PT-2022-5569 · Aruba Networks · ArubaOS, Aruba Instant

Published 2022-10-06 · Updated 2022-12-12 · CVE-2022-37888

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Aruba InstantOS versions 6.4.4.8 through 6.4.4.20 and below
Aruba InstantOS versions 6.5.4.23 and below
Aruba InstantOS versions 8.6.0.18 and below
Aruba InstantOS versions 8.7.1.9 and below
Aruba InstantOS versions 8.10.0.1 and below
ArubaOS versions 10.3.1.0 and below

Description

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Recommendations

For Aruba InstantOS versions 6.4.4.8 through 6.4.4.20 and below, update to a version above 6.4.4.20.
For Aruba InstantOS versions 6.5.4.23 and below, update to a version above 6.5.4.23.
For Aruba InstantOS versions 8.6.0.18 and below, update to a version above 8.6.0.18.
For Aruba InstantOS versions 8.7.1.9 and below, update to a version above 8.7.1.9.
For Aruba InstantOS versions 8.10.0.1 and below, update to a version above 8.10.0.1.
For ArubaOS versions 10.3.1.0 and below, update to a version above 10.3.1.0.

As a temporary workaround, consider restricting access to the PAPI UDP port (8211) until a patch is available.

Fix

Weakness Enumeration

Buffer Overflow

Related Identifiers

BDU:2022-06932
CVE-2022-37888

Affected Products

Aruba Instant
ArubaOS