Login Sign Up

CVE-2024-25612

7.2 HIGH
Remote Code Execution

📋 TL;DR

Authenticated command injection vulnerabilities in ArubaOS CLI allow attackers with valid credentials to execute arbitrary commands as privileged users on the underlying operating system. This affects Aruba networking devices running vulnerable versions of ArubaOS.

💻 Affected Systems

Products:
  • ArubaOS
Versions: Specific versions not provided in CVE description; check vendor advisory for details
Operating Systems: ArubaOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the CLI; default configurations with weak credentials increase risk

📦 What is this software?

Arubaos by Arubanetworks

View all CVEs affecting Arubaos →

Arubaos by Arubanetworks

View all CVEs affecting Arubaos →

Arubaos by Arubanetworks

View all CVEs affecting Arubaos →

Arubaos by Arubanetworks

View all CVEs affecting Arubaos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attacker to install persistent backdoors, steal sensitive data, pivot to other network segments, or disrupt network operations.

🟠

Likely Case

Privilege escalation leading to unauthorized configuration changes, network reconnaissance, or lateral movement within the network.

🟢

If Mitigated

Limited impact if strong authentication controls, network segmentation, and least privilege principles are properly implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid credentials but command injection typically has low complexity once authenticated

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt

Restart Required: Yes

Instructions:

1. Review vendor advisory for affected versions. 2. Download and apply the appropriate patch from Aruba support portal. 3. Reboot affected devices as required. 4. Verify patch installation.

🔧 Temporary Workarounds

Restrict CLI Access

all

Limit CLI access to trusted administrative networks and implement strong authentication controls

Implement Network Segmentation

all

Isolate management interfaces from general network traffic

🧯 If You Can't Patch

  • Implement strict access controls and multi-factor authentication for administrative accounts
  • Monitor CLI access logs for suspicious activity and implement network segmentation

🔍 How to Verify

Check if Vulnerable:

Check ArubaOS version against vendor advisory; review if CLI access is exposed to untrusted networks

Check Version:

show version

Verify Fix Applied:

Verify ArubaOS version is updated to patched version specified in vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual CLI command patterns
  • Multiple failed authentication attempts followed by successful login
  • Commands with shell metacharacters in CLI logs

Network Indicators:

  • Unexpected outbound connections from management interfaces
  • Anomalous traffic patterns from network devices

SIEM Query:

source="aruba_logs" AND (event_type="cli_command" AND command="*;*" OR command="*|*" OR command="*`*" OR command="*$(*")

📊 Metadata

CVE ID: CVE-2024-25612
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-77
Published: March 5, 2024
Last Updated: July 28, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-25612, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)