CVE-2023-45624

7.5 HIGH

📋 TL;DR

A Denial-of-Service vulnerability in the soft AP daemon, reachable via the PAPI protocol, allows attackers to disrupt affected access points without authentication. It affects Aruba access points running vulnerable software versions and can cause service interruptions for connected devices.

💻 Affected Systems

Products:
  • Aruba Access Points with soft AP daemon
Versions: Specific versions not detailed in provided references; check Aruba advisory for exact affected versions
Operating Systems: ArubaOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability affects the PAPI protocol implementation in soft AP daemon; requires network access to vulnerable service

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption of affected access points, rendering wireless networks unavailable for extended periods until manual intervention or reboot.

🟠 Likely Case: Temporary service interruption causing dropped connections and degraded network performance for wireless clients.

🟢 If Mitigated: Minimal impact if access points are patched or protected by network segmentation and access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The unauthenticated DoS suggests relatively simple exploitation via crafted PAPI protocol requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Aruba advisory ARUBA-PSA-2023-017 for specific patched versions

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt

Restart Required: Yes

Instructions:

1. Review Aruba advisory ARUBA-PSA-2023-017.
2. Identify affected AP models and versions.
3. Download and apply appropriate firmware updates from Aruba support portal.
4. Reboot affected access points after patching.

🔧 Temporary Workarounds

  • Network Segmentation (all): Restrict network access to PAPI protocol on affected access points
  • Access Control Lists (all): Implement ACLs to limit which systems can communicate with AP management interfaces

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate AP management interfaces
  • Deploy intrusion prevention systems to detect and block DoS attempts against PAPI protocol

🔍 How to Verify

Check if Vulnerable:

Check AP firmware version against affected versions listed in Aruba advisory ARUBA-PSA-2023-017

Check Version:

show version (on Aruba AP CLI) or check via Aruba Central/Aruba AirWave

Verify Fix Applied:

Verify AP firmware version has been updated to patched version specified in Aruba advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual PAPI protocol traffic patterns
  • AP daemon crash/restart events
  • Increased error rates on AP management interfaces

Network Indicators:

  • Abnormal PAPI protocol traffic volume
  • AP management interface unresponsive to legitimate requests

SIEM Query:

source="aruba_ap" AND (event_type="crash" OR (protocol="PAPI" AND traffic_volume>threshold))
