CVE-2021-37722 – This CVE allows remote attackers to execute arb... (How to Fix)

Q: What is the severity of CVE-2021-37722?

CVE-2021-37722 has a CVSS score of 7.2 (HIGH). This CVE allows remote attackers to execute arbitrary commands on Aruba SD-WAN and gateway devices through improper neutralization of special elements used in a command. Affected organizations include those running vulnerable ArubaOS versions on SD-WAN software and gateways.

📋 TL;DR

This CVE allows remote attackers to execute arbitrary commands on Aruba SD-WAN and gateway devices through improper neutralization of special elements used in a command. Affected organizations include those running vulnerable ArubaOS versions on SD-WAN software and gateways.

💻 Affected Systems

Products:

Aruba SD-WAN Software
Aruba Gateways

Versions: ArubaOS versions prior to 8.6.0.4-2.2.0.4; prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25

Operating Systems: ArubaOS

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations running affected ArubaOS versions are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to gain persistent access, pivot to internal networks, deploy ransomware, or exfiltrate sensitive data.

🟠

Likely Case

Attackers gain initial foothold on network infrastructure, enabling lateral movement, credential harvesting, and deployment of additional malware.

🟢

If Mitigated

Attack prevented at perimeter with proper network segmentation, reducing impact to isolated network segments.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Vulnerability allows remote command execution without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.6.0.4-2.2.0.4 or later; 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25 or later

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt

Restart Required: Yes

Instructions:

1. Download appropriate patch from Aruba support portal. 2. Backup current configuration. 3. Apply patch following Aruba's upgrade procedures. 4. Reboot device. 5. Verify patch installation and functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable devices from internet and restrict access to management interfaces

Access Control Lists

all

Implement strict ACLs to limit access to management interfaces

🧯 If You Can't Patch

Immediately isolate affected devices from internet-facing networks
Implement strict network segmentation and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check ArubaOS version via CLI: 'show version' and compare against affected versions

Check Version:

show version

Verify Fix Applied:

Verify version after patch: 'show version' should show patched version

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Unauthorized configuration changes
Suspicious login attempts

Network Indicators:

Unexpected outbound connections from management interfaces
Anomalous traffic patterns from gateways

SIEM Query:

source="aruba_logs" AND (event_type="command_execution" OR event_type="config_change")

📊 Metadata

CVE ID: CVE-2021-37722

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: September 7, 2021

Last Updated: November 21, 2024

🔗 References

https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf Mitigation,Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf Mitigation,Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-37722, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Arubaos by Arubanetworks

Scalance W1750d Firmware by Siemens

Sd Wan by Arubanetworks

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Access Control Lists

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities