CVE-2020-24641
📋 TL;DR
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Aruba AirWave Glass versions before 1.3.3. Attackers can exploit an unauthenticated endpoint to access internal systems, potentially leading to authentication bypass and administrative access to the web interface. Organizations running vulnerable versions of Aruba AirWave Glass are affected.
💻 Affected Systems
- Aruba AirWave Glass
📦 What is this software?
Airwave Glass by Arubanetworks
⚠️ Risk & Real-World Impact
Worst Case
Full administrative compromise of the AirWave Glass system, allowing attackers to control the administrative interface, access sensitive network data, and potentially pivot to other internal systems.
Likely Case
Unauthenticated attackers gain access to internal services and sensitive information, leading to authentication bypass and limited administrative access.
If Mitigated
With proper network segmentation and access controls, impact is limited to the AirWave Glass system itself without lateral movement.
🎯 Exploit Status
Exploitation requires no authentication and leverages a known SSRF pattern against a specific endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3
Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt
Restart Required: Yes
Instructions:
1. Download AirWave Glass version 1.3.3 or later from Aruba support portal. 2. Backup current configuration. 3. Apply the update following Aruba's upgrade documentation. 4. Restart the AirWave Glass service.
🔧 Temporary Workarounds
Network Access Control
allRestrict network access to the AirWave Glass administrative interface using firewall rules.
Authentication Enforcement
allImplement additional authentication layers or IP whitelisting for administrative access.
🧯 If You Can't Patch
- Isolate the AirWave Glass system in a dedicated network segment with strict firewall rules
- Implement web application firewall (WAF) rules to block SSRF patterns and unauthenticated requests to sensitive endpoints
🔍 How to Verify
Check if Vulnerable:
Check the AirWave Glass version in the administrative interface or via system logs. Versions before 1.3.3 are vulnerable.Check Version:
Check the web interface or system logs for version information (specific command varies by deployment)Verify Fix Applied:
Verify the version shows 1.3.3 or later in the administrative interface and test that the SSRF endpoint no longer accepts malicious requests.📡 Detection & Monitoring
Log Indicators:
- Unusual requests to internal endpoints from AirWave Glass
- Unauthenticated access attempts to administrative functions
- SSRF pattern requests in web logs
Network Indicators:
- Unexpected outbound connections from AirWave Glass to internal systems
- Traffic patterns suggesting internal service scanning
SIEM Query:
source="airwave_glass" AND (uri="*vulnerable_endpoint*" OR status="401" OR status="403")