PT-2022-6029 · Aruba Networks · Arubaos +1

Published: 2022-10-07 · Updated: 2022-11-09 · CVE-2022-37889

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below
Aruba InstantOS versions 6.5.4.23 and below
Aruba InstantOS versions 8.6.0.18 and below
Aruba InstantOS versions 8.7.1.9 and below
Aruba InstantOS versions 8.10.0.1 and below
ArubaOS versions 10.3.1.0 and below
Description

The issue consists of buffer overflow vulnerabilities in multiple underlying services. They can be triggered by sending specially crafted packets to the PAPI (Aruba Networks AP management protocol) UDP port (8211), without authentication. Successful exploitation results in remote code execution: the attacker gains the ability to execute arbitrary code as a privileged user on the underlying operating system.
Recommendations

For Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below, upgrade to a version that addresses these security vulnerabilities.
For Aruba InstantOS versions 6.5.4.23 and below, upgrade to a version that addresses these security vulnerabilities.
For Aruba InstantOS versions 8.6.0.18 and below, upgrade to a version that addresses these security vulnerabilities.
For Aruba InstantOS versions 8.7.1.9 and below, upgrade to a version that addresses these security vulnerabilities.
For Aruba InstantOS versions 8.10.0.1 and below, upgrade to a version that addresses these security vulnerabilities.
For ArubaOS versions 10.3.1.0 and below, upgrade to a version that addresses these security vulnerabilities.

As a temporary workaround, consider restricting access to the PAPI UDP port (8211) to minimize the risk of exploitation.
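The workaround above only helps if the restriction actually holds. The following added check (not part of the advisory, nor Aruba's or PT's code) scans firewall logs for accepted UDP/8211 packets whose source lies outside the networks that legitimately carry PAPI; the log line format and the allowed management subnets are assumptions.

```python
"""Flag accepted UDP traffic to the Aruba PAPI port (8211) that did not come
from an approved management network. Added example; the syslog-style firewall
line format and the ALLOWED_SOURCES list are assumptions, not advisory data."""
import ipaddress
import re

PAPI_PORT = 8211

# Assumed: networks from which controllers/APs legitimately speak PAPI.
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.0.0/24"),
                   ipaddress.ip_network("10.10.1.0/24")]

# Assumed line shape: "<ts> ACCEPT|DROP proto=UDP src=a.b.c.d:p dst=a.b.c.d:p"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$")

def is_trusted(src: str) -> bool:
    """True if the source address lies in one of the allowed subnets."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)

def find_untrusted_papi(lines):
    """Return (ts, src, dst) for every ACCEPTed UDP/8211 packet from an
    untrusted source. DROPped packets are skipped: the restriction worked."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        if m["proto"].upper() != "UDP" or int(m["dport"]) != PAPI_PORT:
            continue
        if m["action"] != "ACCEPT" or is_trusted(m["src"]):
            continue
        hits.append((m["ts"], m["src"], m["dst"]))
    return hits

# Constructed sample log: two trusted PAPI packets, one untrusted packet that
# was accepted (the finding), one untrusted packet that was dropped, one TCP line.
SAMPLE_LOG = """\
2022-10-07T10:00:01Z ACCEPT proto=UDP src=10.10.0.5:8211 dst=10.20.0.10:8211
2022-10-07T10:00:02Z ACCEPT proto=UDP src=10.10.1.7:44123 dst=10.20.0.10:8211
2022-10-07T10:00:03Z ACCEPT proto=UDP src=198.51.100.23:53211 dst=10.20.0.10:8211
2022-10-07T10:00:04Z DROP proto=UDP src=203.0.113.9:8211 dst=10.20.0.10:8211
2022-10-07T10:00:05Z ACCEPT proto=TCP src=198.51.100.23:51000 dst=10.20.0.10:443
""".splitlines()

if __name__ == "__main__":
    for ts, src, dst in find_untrusted_papi(SAMPLE_LOG):
        print(f"{ts}: untrusted PAPI source {src} reached {dst}")
```

Any hit means the PAPI port is still reachable from outside the management networks and the restriction must be tightened until the upgrade is applied.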

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-07481
CVE-2022-37889

Affected Products

Aruba Instant
Arubaos