CVE-2021-37718 – This CVE allows remote attackers to execute arb... (How to Fix)

Q: What is the severity of CVE-2021-37718?

CVE-2021-37718 has a CVSS score of 7.2 (HIGH). This CVE allows remote attackers to execute arbitrary commands on affected Aruba SD-WAN and gateway devices. The vulnerability stems from improper neutralization of special elements used in a command (CWE-77), enabling attackers to run malicious code with system privileges. Organizations using Aruba SD-WAN Software, Gateways, or ArubaOS before the patched versions are affected.

📋 TL;DR

This CVE allows remote attackers to execute arbitrary commands on affected Aruba SD-WAN and gateway devices. The vulnerability stems from improper neutralization of special elements used in a command (CWE-77), enabling attackers to run malicious code with system privileges. Organizations using Aruba SD-WAN Software, Gateways, or ArubaOS before the patched versions are affected.

💻 Affected Systems

Products:

Aruba SD-WAN Software
Aruba Gateways
ArubaOS

Versions: ArubaOS prior to 8.6.0.4-2.2.0.6; prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16

Operating Systems: ArubaOS

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations running affected versions are vulnerable. No special configuration is required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of affected devices, allowing attackers to install persistent backdoors, pivot to internal networks, exfiltrate sensitive data, or disrupt network operations.

🟠

Likely Case

Attackers gain unauthorized access to network infrastructure, potentially intercepting traffic, modifying configurations, or launching further attacks against internal systems.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the affected device itself, though it still represents a significant security breach.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability allows remote command execution without authentication, making it highly attractive to attackers. While no public proof-of-concept exists, similar command injection vulnerabilities are frequently weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ArubaOS 8.6.0.4-2.2.0.6 or later; 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16 or later

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt

Restart Required: Yes

Instructions:

1. Download the appropriate patched version from Aruba support portal. 2. Backup current configuration. 3. Apply the update following Aruba's upgrade procedures. 4. Reboot the device. 5. Verify the new version is running.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to affected devices to only trusted management networks

Firewall Rules

all

Implement strict firewall rules to block unnecessary inbound connections to management interfaces

🧯 If You Can't Patch

Isolate affected devices in a dedicated network segment with strict access controls
Implement network monitoring and intrusion detection specifically for traffic to/from affected devices

🔍 How to Verify

Check if Vulnerable:

Check ArubaOS version via CLI: 'show version' and compare against affected versions

Check Version:

show version

Verify Fix Applied:

After patching, run 'show version' to confirm version matches patched releases

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Unexpected configuration changes
Authentication failures followed by successful access

Network Indicators:

Unusual outbound connections from network devices
Traffic patterns inconsistent with normal operations
Unexpected management protocol traffic

SIEM Query:

source="aruba_device" AND (event_type="command_execution" OR config_change="true")

📊 Metadata

CVE ID: CVE-2021-37718

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: September 7, 2021

Last Updated: November 21, 2024

🔗 References

https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf Mitigation,Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf Mitigation,Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-37718, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Scalance W1750d Firmware by Siemens

Sd Wan by Arubanetworks

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Access Restriction

Firewall Rules

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities