CVE-2023-45620

7.5 HIGH

📋 TL;DR

Unauthenticated attackers who can reach the PAPI service on an Aruba access point can trigger denial-of-service conditions in the CLI service that PAPI exposes, crashing or hanging the AP. No credentials or user interaction are needed; network reachability of the PAPI port is the only prerequisite. Affected APs run vulnerable firmware releases, so organizations that have not patched risk losing wireless availability across every reachable AP.

💻 Affected Systems

Products:
  • Aruba Access Points
Versions: Multiple firmware versions prior to the patched release
Operating Systems: ArubaOS access-point firmware (the vendor advisory lists the affected InstantOS 8.x and ArubaOS 10 branches)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects access points whose CLI service is reachable through the PAPI protocol (Aruba's proprietary management protocol, carried over UDP/8211). The specific vulnerable and fixed firmware versions are listed per release branch in the vendor advisory.

📦 What is this software?

Aruba (HPE Aruba Networking) access points are enterprise Wi-Fi devices running ArubaOS/InstantOS firmware. They are managed by a controller, a virtual controller on a peer AP, or Aruba Central, and that management traffic, including CLI commands pushed to the AP, travels over Aruba's PAPI protocol.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete disruption of wireless network services across all affected access points, causing business operations to halt for organizations relying on wireless connectivity.

🟠 Likely Case

Intermittent service interruptions affecting specific access points, leading to degraded wireless performance and user connectivity issues.

🟢 If Mitigated

Minimal impact if access points are properly segmented and PAPI protocol access is restricted to trusted management networks only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is unauthenticated and consists of sending crafted datagrams to the AP's PAPI service (UDP/8211). An attacker needs only network reachability of that port on the AP's management address; no account, session or user interaction is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Aruba advisory ARUBA-PSA-2023-017 for specific patched versions

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt

Restart Required: Yes

Instructions:

1. Review Aruba advisory ARUBA-PSA-2023-017.
2. Identify the release branch your APs run and the corresponding affected and fixed versions.
3. Download and apply the recommended firmware update from the Aruba support portal.
4. Reboot affected access points after patching.

🔧 Temporary Workarounds

Restrict PAPI Protocol Access (applies to: all affected versions)

Limit access to the PAPI service (UDP/8211) on each AP's management address to the controller, virtual-controller peers and management hosts, using firewall rules, router ACLs or VLAN segmentation. Client VLANs and guest networks should have no path to the AP management subnet at all.

Disable Unnecessary CLI Services (applies to: all affected versions)

Where the advisory documents a configuration-level control for your branch, apply it; Aruba advisories for PAPI-reachable AP services commonly point to Instant's cluster-security feature for 8.x APs, so confirm in ARUBA-PSA-2023-017 whether it covers this CVE. Do not assume the PAPI CLI service can simply be switched off on a given platform; if it cannot, rely on the network restriction above.

🧯 If You Can't Patch

  • Implement strict network segmentation so that AP management addresses are reachable only from the controller/management network, never from client, guest or Internet-facing segments
  • Deploy intrusion prevention systems (IPS) with rules that alert on, and where possible drop, UDP/8211 traffic to APs from any source other than the known controller and management hosts

🔍 How to Verify

Check if Vulnerable:

Check the running firmware version against the affected versions listed in Aruba advisory ARUBA-PSA-2023-017. Compare within the same release branch: an 8.10.x AP is judged against the 8.10.x fixed version, not against a later branch's number.

Check Version:

show version (on Aruba access point CLI)

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in the advisory
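The comparison above is easy to get wrong when an estate runs several release branches, so here is an added example (not code from the page or from Aruba) that parses the version line from `show version` output and judges it against a per-branch fixed-version table. The `show version` layout and the fixed-version table are assumptions: the table holds placeholder values for demonstration only and must be replaced with the values from ARUBA-PSA-2023-017 before use.

```python
"""Judge an Aruba AP firmware version against per-branch fixed versions.

Added example; not part of the original page or of Aruba's tooling.
"""
import re
from typing import Dict, Optional, Tuple

# PLACEHOLDER fixed versions keyed by release branch (major.minor).
# These are NOT the advisory's values; fill them in from ARUBA-PSA-2023-017.
EXAMPLE_FIXED_VERSIONS: Dict[str, str] = {
    "8.10": "8.10.0.99",
    "8.11": "8.11.9.9",
    "10.4": "10.4.9.9",
}

# Constructed sample of `show version` output; layout is assumed, not captured.
SAMPLE_SHOW_VERSION = """\
Aruba Operating System Software.
ArubaOS (MODEL: 315), Version 8.10.0.8
Website: http://www.arubanetworks.com
"""

VERSION_RE = re.compile(r"\bVersion\s+(\d+(?:\.\d+){1,3})\b")


def parse_version(show_version_output: str) -> Optional[str]:
    """Return the dotted firmware version from `show version` text, or None."""
    m = VERSION_RE.search(show_version_output)
    return m.group(1) if m else None


def version_tuple(v: str) -> Tuple[int, ...]:
    """Numeric tuple so that 8.10.0.9 > 8.10.0.8 (string compare would not)."""
    return tuple(int(p) for p in v.split("."))


def branch(v: str) -> str:
    """Release branch is the first two components: 8.10.0.8 -> 8.10."""
    return ".".join(v.split(".")[:2])


def assess(version: str, fixed_versions: Dict[str, str]) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown-branch'.

    The comparison is only meaningful inside one branch; a branch missing
    from the table is reported rather than compared against another branch.
    """
    b = branch(version)
    if b not in fixed_versions:
        return "unknown-branch"
    if version_tuple(version) >= version_tuple(fixed_versions[b]):
        return "fixed"
    return "vulnerable"


def assess_show_version(output: str,
                        fixed_versions: Dict[str, str] = EXAMPLE_FIXED_VERSIONS) -> str:
    """Parse `show version` output and assess it; 'unparsed' if no version found."""
    v = parse_version(output)
    if v is None:
        return "unparsed"
    return assess(v, fixed_versions)


if __name__ == "__main__":
    print(parse_version(SAMPLE_SHOW_VERSION), assess_show_version(SAMPLE_SHOW_VERSION))
```

Feed it the captured `show version` text from each AP (or the version column of a controller or Central inventory export) and treat `unknown-branch` as a prompt to extend the table, not as a pass.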

📡 Detection & Monitoring

Log Indicators:

  • Unusual PAPI protocol traffic patterns
  • Access point service restarts or crashes
  • Increased error rates in CLI service logs

Network Indicators:

  • PAPI traffic (UDP/8211) to AP management addresses from sources other than the controller, virtual-controller peers or management hosts
  • Bursts of UDP/8211 datagrams to one or many APs from a single source (PAPI is UDP, so look at datagram counts per source rather than connection attempts)

SIEM Query:

source="aruba_ap" AND (event_type="service_crash" OR (protocol="PAPI" AND abnormal_traffic=true))

The field names above are illustrative; map them onto your collector's schema. If your flow or firewall source does not label PAPI as a protocol, match on transport=udp and dest_port=8211 instead, and exclude your known controller and management source addresses.
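As an added example of the network indicators above (not code from the page or from Aruba), the following runs the detection logic over constructed flow-export lines: it keeps only UDP/8211 traffic to known AP addresses, then flags sources outside the management network and sources exceeding a datagram burst threshold. The flow line format, the management subnet, the AP addresses and the threshold are all assumptions to adapt to your environment.

```python
"""Flag suspicious PAPI (UDP/8211) traffic to access points in flow records.

Added example; not part of the original page or of Aruba's tooling.
"""
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, Iterable, List

PAPI_PORT = 8211  # PAPI is carried over UDP/8211

# Assumed management network that is allowed to speak PAPI to the APs.
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/24")]
# Assumed AP management addresses.
AP_ADDRS = {"10.0.1.10", "10.0.1.11"}
# Datagrams per source in the analysed window before it counts as a burst; tune this.
BURST_THRESHOLD = 50

# Constructed flow-export lines: ts src_ip src_port dst_ip dst_port proto packets
SAMPLE_FLOWS = """\
1700000000 10.0.0.5 40001 10.0.1.10 8211 udp 4
1700000001 10.0.0.5 40002 10.0.1.11 8211 udp 3
1700000002 192.168.50.7 51000 10.0.1.10 8211 udp 120
1700000003 192.168.50.7 51001 10.0.1.11 8211 udp 95
1700000004 10.0.2.20 52000 10.0.1.10 443 tcp 10
1700000005 10.0.2.21 53000 10.0.1.10 8211 udp 2
"""


def parse_flow(line: str) -> dict:
    """Split one whitespace-separated flow line into typed fields."""
    ts, src, sport, dst, dport, proto, pkts = line.split()
    return {"ts": int(ts), "src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "proto": proto.lower(), "packets": int(pkts)}


def is_management(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_NETS)


def find_papi_anomalies(flow_text: str,
                        ap_addrs: Iterable[str] = AP_ADDRS,
                        burst: int = BURST_THRESHOLD) -> Dict[str, dict]:
    """Return {src_ip: {"reasons": [...], "packets": n, "targets": [...]}}.

    Only UDP datagrams to port 8211 on a known AP address are counted; other
    traffic to the APs (e.g. HTTPS management) is ignored by this detector.
    """
    ap_set = set(ap_addrs)
    packets_by_src: Counter = Counter()
    targets_by_src: Dict[str, set] = defaultdict(set)

    for line in flow_text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["proto"] != "udp" or f["dport"] != PAPI_PORT or f["dst"] not in ap_set:
            continue
        packets_by_src[f["src"]] += f["packets"]
        targets_by_src[f["src"]].add(f["dst"])

    findings: Dict[str, dict] = {}
    for src, n in packets_by_src.items():
        reasons: List[str] = []
        if not is_management(src):
            reasons.append("papi-from-untrusted-source")
        if n >= burst:
            reasons.append("papi-burst")
        if reasons:
            findings[src] = {"reasons": reasons, "packets": n,
                             "targets": sorted(targets_by_src[src])}
    return findings


if __name__ == "__main__":
    for src, info in find_papi_anomalies(SAMPLE_FLOWS).items():
        print(src, info)
```

In the sample, the controller at 10.0.0.5 is silent, a host on a client VLAN that sends two datagrams is reported for reaching the PAPI port at all, and the external source pushing hundreds of datagrams at both APs trips both rules; the second case is the one worth paging on, since any PAPI traffic from outside the management network already violates the segmentation workaround.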

🔗 References

  • Aruba advisory ARUBA-PSA-2023-017: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt
  • NVD entry for CVE-2023-45620: https://nvd.nist.gov/vuln/detail/CVE-2023-45620
