CVE-2021-37724

7.2 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on ArubaOS network devices without authentication. It affects ArubaOS versions prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, and 8.3.0.16. Networks running vulnerable Aruba switches, controllers, and gateways are at risk.

💻 Affected Systems

Products:
  • ArubaOS
  • Aruba switches
  • Aruba controllers
  • Aruba gateways
Versions: Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16
Operating Systems: ArubaOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected ArubaOS versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of network infrastructure, lateral movement to other systems, data exfiltration, and persistent backdoor installation.

🟠 Likely Case: Unauthorized network access, configuration changes, service disruption, and credential theft from network devices.

🟢 If Mitigated: Limited impact if devices are behind firewalls with strict access controls and network segmentation.

🌐 Internet-Facing: HIGH - Directly exposed devices can be exploited by any internet attacker without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows command injection without authentication, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16 or later

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt

Restart Required: Yes

Instructions:

1. Download appropriate patch from Aruba support portal.
2. Backup current configuration.
3. Apply patch following ArubaOS upgrade procedures.
4. Reboot device.
5. Verify patch installation and functionality.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict management interface access to trusted IP addresses only

configure terminal
ip access-list standard MANAGEMENT-ACL
permit host [TRUSTED_IP]
deny any
interface vlan [MANAGEMENT_VLAN]
ip access-group MANAGEMENT-ACL in

Disable Unnecessary Services

all

Disable any unnecessary management services on vulnerable interfaces

configure terminal
no ip http server
no ip http secure-server
no service telnet

🧯 If You Can't Patch

  • Isolate vulnerable devices in a separate VLAN with strict firewall rules
  • Implement network segmentation to limit lateral movement from compromised devices

🔍 How to Verify

Check if Vulnerable:

Check ArubaOS version with 'show version' command and compare against patched versions

Check Version:

show version | include Version

Verify Fix Applied:

Verify version is 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16 or later using 'show version'
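
The version comparison above has to be done per release branch: 8.6.0.9 is patched even though it sorts below 8.7.1.2, and 8.5.0.9 is not patched even though the string "8.5.0.9" sorts above "8.5.0.12". The following is an added example, not code from this page or from Aruba; the sample output lines are constructed, the 'show version' line format is an assumption, and treating branches newer than 8.7 as fixed is an assumption based on the "or later" wording.

```python
import re

# Fixed releases per branch, taken from the version list on this page.
FIXED = {(8, 7): (8, 7, 1, 2), (8, 6): (8, 6, 0, 8),
         (8, 5): (8, 5, 0, 12), (8, 3): (8, 3, 0, 16)}

# Assumption: the line kept by "show version | include Version"
# contains "Version" followed by a four-part number.
VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+){3})")


def parse_version(show_version_output):
    """Return the four-part version as a tuple of ints, or None."""
    m = VERSION_RE.search(show_version_output)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def assess(show_version_output):
    """Classify a device as 'vulnerable', 'fixed' or 'unknown'."""
    version = parse_version(show_version_output)
    if version is None:
        return "unknown"
    branch = version[:2]
    if branch in FIXED:
        # Tuple comparison is numeric per field, so 8.5.0.9 < 8.5.0.12.
        return "fixed" if version >= FIXED[branch] else "vulnerable"
    if branch > max(FIXED):
        # Assumption: a branch newer than 8.7 counts as "or later".
        return "fixed"
    # Branch not listed on this page (e.g. 8.4.x): check the vendor advisory.
    return "unknown"


# Constructed sample lines, one per hypothetical device name.
SAMPLES = {
    "ctrl-a": "ArubaOS (MODEL: example), Version 8.6.0.4",
    "ctrl-b": "ArubaOS (MODEL: example), Version 8.5.0.12",
    "ctrl-c": "ArubaOS (MODEL: example), Version 8.5.0.9",
    "ctrl-d": "ArubaOS (MODEL: example), Version 8.4.0.6",
}

if __name__ == "__main__":
    for host, output in SAMPLES.items():
        print(host, parse_version(output), assess(output))
```

Devices reported as 'unknown' are on a branch this page does not list and need to be checked against the vendor advisory by hand.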

📡 Detection & Monitoring

Log Indicators:

  • Unexpected command execution in system logs
  • Unauthorized configuration changes
  • Unusual authentication attempts to management interfaces

Network Indicators:

  • Unexpected outbound connections from network devices
  • Anomalous traffic patterns from management interfaces

SIEM Query:

source="aruba_device" AND (event_type="command_execution" OR event_type="configuration_change") AND user="unknown"
