CVE-2022-37895 An DoS vulnerability exists in Aruba's handling of certain SSID strings.

If you have installed a version of Aruba InstantOS that is prior to the release listed above, you will need to upgrade to a supported release in order to continue operating your network with that particular software. Unauthorized access to the AP via the SSID, and the injection of malicious code into the management interface is possible. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

What you need to do to address this vulnerability

If you have installed a version of Aruba InstantOS prior to the release listed above, you will need to upgrade the software to a supported release listed above. If you cannot upgrade your software, contact Aruba Technical Support for assistance in addressing this security issue.
For information on how to address this vulnerability, refer to:
- https://www.arubanetworks.com/support/product-content/en/installing-upgrading-software/installing-upgrading-software-article/installing-upgrading-software?id=210727
- https://www.arubanetworks.com/support/product-content/en/security-alerts?id=210728

What to do if you are using an unsupported version of Aruba InstantOS

If you are using an unsupported version of Aruba InstantOS, the best course of action is to upgrade it to a supported release. Please contact Aruba Support for more information on how to upgrade your software.

Recommended Actions

If you have Aruba InstantOS 6.4.4.8-4.2.4.20 and below, upgrade to Aruba InstantOS 6.5.4.23 or higher to resolve this security vulnerability

What is the Aruba InstantOS?

The Aruba InstantOS is a Linux-based operating system that enables a user to quickly deploy and configure access points, user portals, and other services on the Aruba Mobility Controller.

Timeline

Published on: 10/07/2022 19:15:00 UTC
Last modified on: 11/09/2022 04:00:00 UTC

References

• https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt
• https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37895