Why CISOs Must Think Clearly Amid Regulatory Chaos

Even as the rule book changes, the profession of the CISO remains unchanged: protecting the organization in a world of constant, continually evolving threats.

darkreading – Read More

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc_Botnet.
The ongoing activity “demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks,” Qualys security researcher Shilpesh

The Hacker News – Read More

Toronto school district says 40 years of student data stolen in PowerSchool breach

Canada’s largest school board says hackers may have accessed some 40 years’ worth of student data during the recent PowerSchool breach. In a letter sent to parents this week, the Toronto District School Board (TDSB) said that the data breach affected all students enrolled in the district between September 1985 and December 2024. The school […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – Read More

Ransomware Groups Abuse Microsoft Services for Initial Access

Sophos warns of two ransomware groups abusing Microsoft 365 services and default configurations to contact internal enterprise users.

SecurityWeek – Read More

Hackers impersonate Ukraine’s CERT to trick people into allowing computer access

CERT-UA is warning Ukrainians not to accept requests for help via AnyDesk software unless they are sure the source is legitimate.

The Record from Recorded Future News – Read More

Students, Educators Impacted by PowerSchool Data Breach

PowerSchool says the personal information of students and educators was stolen in a December 2024 data breach.

SecurityWeek – Read More

JoCERT Issues Warning on Exploitable Command Injection Flaws in HPE Aruba Products

Overview

JoCERT has issued an alert regarding critical command injection vulnerabilities discovered in HPE Aruba’s 501 Wireless Client Bridge. The vulnerabilities, tracked as CVE-2024-54006 and CVE-2024-54007, allow authenticated attackers with administrative privileges to execute arbitrary commands on the device’s underlying operating system.

These flaws have been rated as high severity (CVSS score: 7.2) and pose a significant risk if left unaddressed.

A publicly released proof-of-concept (PoC) exploit further amplifies the urgency for organizations using affected devices to take immediate action.

Vulnerabilities Overview

HPE Aruba Networking has confirmed the existence of multiple command injection vulnerabilities in the web interface of the 501 Wireless Client Bridge. Below is a detailed breakdown of these vulnerabilities:

  • CVE-2024-54006: Exploitation enables attackers to execute arbitrary commands as privileged users.
  • CVE-2024-54007: Similarly, this flaw allows attackers to run commands remotely with administrative credentials.

Both vulnerabilities:

  • Require administrative authentication credentials to exploit.
  • Allow attackers to gain full control over the device upon successful exploitation.
  • Impact the confidentiality, integrity, and availability of the device.

Affected Software Versions

The vulnerabilities affect the following software versions:

  • HPE Aruba 501 Wireless Client Bridge: Versions V2.1.1.0-B0030 and below.

Devices running software versions higher than V2.1.2.0-B0033 are not impacted. Any other HPE Aruba Networking products not explicitly mentioned remain unaffected.

Severity and Exploitability

  • Severity: High (CVSS score: 7.2)
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Exploitability: Exploitation requires authenticated administrative credentials. However, once exploited, attackers gain full control of the device, potentially enabling malicious activities such as data exfiltration, lateral movement, and network disruption.
  • Public Discussion: A proof-of-concept exploit script has been released publicly, making these vulnerabilities more accessible to attackers.

Mitigation and Recommendations

To safeguard against these vulnerabilities, organizations should follow these steps:

  1. Upgrade to a Fixed Version:
    • Update affected devices to software version V2.1.2.0-B0033 or later. The fixed software can be downloaded from the HPE Networking Support Portal.

  2. Restrict Management Interfaces:
    • Limit access to the Command Line Interface (CLI) and web-based management interfaces to a dedicated Layer 2 VLAN or secure them with Layer 3 firewall policies.

  3. Audit Network Devices:
    • Conduct a thorough security audit of all Aruba devices within your network to identify any unauthorized access or misconfigurations.

  4. Strengthen Authentication Mechanisms:
    • Enforce strong administrative passwords.
    • Regularly rotate administrative credentials to minimize the risk of unauthorized access.

  5. Monitor for Suspicious Activity:
    • Implement robust monitoring to detect any unusual or unauthorized access attempts to the 501 Wireless Client Bridge.

  6. Stay Informed:
    • Subscribe to HPE’s Security Bulletin alerts to receive updates about future vulnerabilities and patches.
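As an added example (not code from the Cyble or JoCERT advisory), the affected and fixed version ranges above and step 1 of the mitigation list can be turned into an inventory triage check. The version-string pattern VX.Y.Z.W-BNNNN is assumed from the two builds the advisory names, and the hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import Dict, Iterable, Tuple
# Version boundaries exactly as the advisory states them.
LAST_AFFECTED = "V2.1.1.0-B0030"  # this build and below are affected
FIRST_FIXED = "V2.1.2.0-B0033"    # this build and later carry the fix

# Assumed pattern of the bridge's version strings: VX.Y.Z.W-BNNNN
_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)\.(\d+)\.(\d+)-B(\d+)$", re.I)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'V2.1.1.0-B0030' into a comparable tuple (2, 1, 1, 0, 30)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def classify(version: str) -> str:
    """Triage one firmware version as 'affected', 'fixed' or 'unverified'.
    'unverified' is a build between the two boundaries, which the advisory
    lists neither way; treat it as needing the upgrade until confirmed."""
    v = parse_version(version)
    if v <= parse_version(LAST_AFFECTED):
        return "affected"
    if v >= parse_version(FIRST_FIXED):
        return "fixed"
    return "unverified"


def triage_inventory(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map (hostname, version) pairs to a status; unparsable version
    strings are flagged as 'invalid-version' rather than silently skipped."""
    results: Dict[str, str] = {}
    for host, version in inventory:
        try:
            results[host] = classify(version)
        except ValueError:
            results[host] = "invalid-version"
    return results


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("bridge-lobby", "V2.1.1.0-B0030"),      # last affected build
    ("bridge-warehouse", "V2.1.0.0-B0021"),  # older, also affected
    ("bridge-lab", "V2.1.2.0-B0033"),        # first fixed build
    ("bridge-annex", "V2.1.2.0-B0031"),      # listed neither way
    ("bridge-old", "2.1.1"),                 # malformed inventory entry
]
```

Anything that comes back as 'unverified' or 'invalid-version' deserves a manual look rather than being treated as patched.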

Technical Details of the Vulnerabilities

CVE-2024-54006

  • Description: Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge, allowing attackers to execute arbitrary commands as a privileged user. Exploitation requires administrative authentication credentials.
  • CVSS Base Score: 7.2
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2024-54007

  • Description: Similar to CVE-2024-54006, this vulnerability allows authenticated attackers to execute commands on the device’s underlying operating system via the web interface.
  • CVSS Base Score: 7.2
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Both vulnerabilities were discovered and reported by Nicholas Starke of HPE Aruba Networking SIRT and Hosein Vita.

Workarounds

For organizations unable to immediately update to the fixed version, the following workarounds are recommended:

  • Restrict Network Access: Isolate the device management interfaces to a secure VLAN or subnet.
  • Firewall Rules: Configure Layer 3 and above firewall policies to limit access to the management interfaces.
  • Monitoring and Logging: Enable detailed logging to monitor for unusual administrative activities.

These workarounds are temporary and should not replace patching, which is the most effective mitigation strategy.

Final Notes

These command injection vulnerabilities in HPE Aruba’s 501 Wireless Client Bridge underline the importance of proactive cybersecurity practices. With the rise of publicly disclosed exploits, organizations must act quickly to mitigate risks by updating vulnerable devices, monitoring for threats, and enforcing strict access controls.

Failure to address these vulnerabilities could result in compromised devices, data breaches, and disrupted operations. Take immediate action to protect your network and maintain the integrity of your systems.

Source: https://jocert.ncsc.jo/EN/ListDetails/Security_Alerts__Advisorites/1203/87

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04763en_us&docLocale

Blog – Cyble – Read More

HPE investigating security breach after hacker claims theft of sensitive data

A well-known hacker claims to have stolen source code and user data from the enterprise IT giant

Security News | TechCrunch – Read More

How to download, install, and update Kaspersky apps for Android | Kaspersky official blog

Our security solutions for Android are temporarily unavailable in the official Google Play store. To install Kaspersky apps on Android devices, we recommend using alternative app stores. You can also install our apps manually from the APK files available on our website or in your My Kaspersky account. This post gives in-depth instructions for installing Kaspersky on Android in 2025.

General recommendations

First, the good news: any Kaspersky apps you’ve already installed from Google Play will continue to work on your device. But they’ll automatically receive only antivirus database updates — not app or security feature improvements. If you uninstall an app, you won’t be able to reinstall it from Google Play.

Therefore, we recommend not deleting the apps already installed from Google Play, but downloading and installing over them the versions from these alternative stores:

You’ll find the same set of Kaspersky apps in all these stores, and the download methods are also alike:

  • Open the store app.
  • Enter “kaspersky” in the search bar (you may need to tap the magnifying glass icon to open the bar).
  • Find the app you want in the search results.
  • Depending on the store, tap Get, Install, Download or Update, or simply touch the download icon next to the name of the app.

If our apps are already installed on your device and you then download them from alternative stores, your device will retain all settings, and you won’t have to reactivate the license. What’s more, the apps can be updated automatically by enabling auto-update in the settings of the alternative store. Below is a how-to guide for all the recommended stores.

You can also install apps by downloading the APK files from our website. When you install over existing apps, all settings and licenses are retained. However, apps installed this way will not be updated automatically — you’ll need to track down new versions yourself, download them as APK files, and install them on your device manually. Because this is less convenient, we’ll soon be adding a feature to update apps automatically via their APK files, and will notify you when new updates come out. In the meantime, we recommend using the alternative app stores mentioned above.

What to do if your smartphone only has Google Play

If you only have Google Play on your smartphone, you first need to install an alternative app store, for example, Huawei AppGallery. Here’s how to do it:

  • Open this link in your browser.
  • Tap Download.
  • Follow the on-screen instructions, tapping OK in response to any system warnings.

You can now download Kaspersky apps. More detailed instructions are available on the Huawei AppGallery website.

How to enable auto-update for Kaspersky apps in alternative stores

To make sure you always have the latest version, after installing an app from an alternative store you need to enable auto-update in the store settings. We have step-by-step instructions for all stores — just follow one of the links below to go to the one you need:

Samsung Galaxy Store

To enable auto-update of apps in the Samsung Galaxy Store:

  • Open the menu (three horizontal lines).
  • Go to Settings by tapping the gear icon in the top-right corner of the screen.
  • On the screen that opens, find Auto update apps, and select Using Wi-Fi or mobile data.

How to enable auto-update of apps in the Samsung Galaxy Store

Huawei AppGallery

To enable auto-update of apps in Huawei AppGallery:

  • Tap Me at the bottom right of the screen.
  • Go to Settings.
  • Tap Auto-update apps, and select On.

How to enable auto-update of apps in Huawei AppGallery

Vivo V-Appstore

To enable auto-update of apps in Vivo V-Appstore:

  • Go to Manage by tapping the icon in the bottom right corner of the screen.
  • Go to Settings by tapping the gear icon at the top of the screen.
  • Tap Notifications and upgrades.
  • Enable App auto-update.

How to enable auto-update of apps in Vivo V-Appstore

How to install Kaspersky apps from APK files

First, you need to download the APK files from your My Kaspersky account or from our website by following the corresponding link:

Your device may warn you that the file isn’t safe to download. If this happens, confirm your action by tapping Keep or Download.

Once the download is complete, go to My files → Downloads, and tap the downloaded file. When installing it, you’ll need to allow installation of unknown apps from a new source. Here’s how to do it: Go to Settings → Apps → Additional → Special app access → Install unknown apps, find your browser in the list, and toggle the switch “Allow app installs” to On. That done, the Kaspersky app will continue to install. See here for more detailed instructions.

Granting permission to install unknown apps from Google Chrome

After installing our apps, make sure to turn this feature Off, since it can pose a security risk and so should only be used when absolutely necessary. To find out why we insist on this, see this Kaspersky Daily post.

How to buy a Premium subscription in your Kaspersky app

You can buy a subscription — for example, Kaspersky Premium — directly in the app itself. To do this, navigate to Profile, and under the Kaspersky Free icon tap Let’s go. Then select one of the three subscription tiers — Kaspersky Standard, Kaspersky Plus, or Kaspersky Premium and the number of devices you want to protect, and check out.

How to activate an existing license in your Kaspersky app

If you installed any of our apps from an alternative store or from an APK file over one already installed from Google Play, there’s no need to reactivate your license.

If you bought a Kaspersky app on Google Play and connected it to your My Kaspersky account, but then uninstalled it and downloaded a new one from an APK file or an alternative store, your previously purchased license will work without any problems. See our detailed activation instructions.

If you uninstalled a Kaspersky app that was purchased from Google Play but not connected to your My Kaspersky account, then installed a new one according to the instructions in this post, please contact technical support to reactivate your license. They’ll be happy to assist.

If you have a license for multiple devices, the easiest way to activate apps on additional devices is to install them using the links in My Kaspersky — this way they’ll be activated automatically. You can also install Kaspersky apps from an alternative store or APK file as described above, and follow the instructions to activate the license.

Kaspersky official blog – Read More

HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects

Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, “Were all functionalities of the web app tested?” or “Were there any security issues that could have been identified during testing?” often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest

The Hacker News – Read More