CVE-2025-37134
📋 TL;DR
An authenticated command injection vulnerability in the CLI binary of the AOS-8 Controller / Mobility Conductor allows an attacker who already holds valid credentials to execute arbitrary commands on the underlying operating system as a privileged user. This affects organizations running Aruba AOS-8 controllers and Mobility Conductors. A successful attacker could gain full control of the affected device.
💻 Affected Systems
- ArubaOS 8 Controller
- Aruba Mobility Conductor
📦 What is this software?
ArubaOS (AOS-8) by Aruba Networks, an HPE company
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the network controller allowing lateral movement, data exfiltration, and persistent backdoor installation across the entire network infrastructure.
Likely Case
Privilege escalation leading to configuration changes, credential harvesting, and disruption of network services.
If Mitigated
Limited impact if strong authentication controls, network segmentation, and least privilege access are properly implemented.
🎯 Exploit Status
Exploitation requires valid credentials on the device; the vulnerable CLI binary is reachable by any authenticated management user, so the bar is the credential, not the attack. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: AOS-8.12.0.0 or later (the fixed build named here; check the vendor advisory for fixed releases on any other AOS-8 branch you run)
Vendor Advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04957en_us&docLocale=en_US
Restart Required: Yes
Instructions:
1. Download AOS-8.12.0.0 or later from the Aruba/HPE support portal.
2. Back up the current configuration.
3. Upload and install the new firmware via the web interface or CLI.
4. Reboot the controller after the installation completes.
🔧 Temporary Workarounds
Restrict CLI Access
Limit CLI access (SSH and console) to trusted administrative networks and accounts. The configure terminal / line vty / access-class / privilege exec commands often pasted for this step are Cisco IOS syntax and do not exist on AOS-8. On AOS-8 the equivalent controls are the management-user roles (mgmt-user <name> <role>; give operators read-only or network-operations rather than root where they do not need full administration) and the control-plane firewall (firewall cp), which can restrict SSH (TCP 22) to administrative hosts. Confirm the exact syntax against the AOS-8 CLI Reference Guide for your release before applying changes, and audit existing accounts with show mgmt-user.
Reduce Privileged Accounts
The injection occurs inside the CLI binary itself, so there is no administrator-configurable input validation or command filtering that removes it. The effective interim control is reducing the number of accounts that can reach the CLI at all: remove unused or shared management users, rotate any credentials that may have been exposed, and prefer centralized (RADIUS/TACACS+) management authentication with per-user accounts so that CLI activity is attributable.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate controllers from untrusted networks
- Enforce multi-factor authentication and strong password policies for all administrative accounts
🔍 How to Verify
Check if Vulnerable:
Check the running AOS version with show version | include Version. If the version is below 8.12.0.0 (and not one of the fixed builds listed in the vendor advisory for your branch), treat the system as vulnerable. Compare versions numerically, field by field: 8.9.0.0 is older than 8.12.0.0 even though it sorts after it as a string.
Check Version:
show version | include Version
Verify Fix Applied:
After patching, verify version is 8.12.0.0 or higher: show version | include Version
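As an added example (not from the page or the vendor), the version check expressed in Python so it can be run across many controllers' show version output, including the string-comparison trap the check above warns about. The sample output line is constructed to resemble AOS-8's "ArubaOS (MODEL: ...), Version x.y.z.w" banner; the fixed build 8.12.0.0 is the one named on this page, and fixed builds on other branches would need to be added to the comparison.

```python
import re

# The fixed build named on this page. Fixed releases on other AOS-8
# branches (per the vendor advisory) would need their own comparison.
FIXED = (8, 12, 0, 0)

# Matches the "Version 8.10.0.9" fragment of a show version banner.
VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+)+)")


def parse_version(show_version_output: str) -> tuple:
    """Extract the numeric version tuple from 'show version' text."""
    m = VERSION_RE.search(show_version_output)
    if not m:
        raise ValueError("no 'Version x.y.z' field found in output")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(show_version_output: str, fixed: tuple = FIXED) -> bool:
    """True when the running build is numerically older than the fixed build."""
    running = parse_version(show_version_output)
    # Pad short versions so "8.12" compares like "8.12.0.0".
    running = running + (0,) * (len(fixed) - len(running))
    return running < fixed


def naive_is_vulnerable(version_string: str) -> bool:
    """The wrong way: lexicographic comparison. Kept only to show the trap."""
    return version_string < "8.12.0.0"


# Constructed sample banners, not captured from real devices.
SAMPLES = {
    "old":   "ArubaOS (MODEL: 7210), Version 8.9.0.0",
    "fixed": "ArubaOS (MODEL: 7210), Version 8.12.0.0",
    "newer": "ArubaOS (MODEL: 7210), Version 8.12.1.0",
}


def report() -> dict:
    """Map each sample name to (numeric verdict, naive string verdict)."""
    out = {}
    for name, banner in SAMPLES.items():
        version_str = ".".join(str(p) for p in parse_version(banner))
        out[name] = (is_vulnerable(banner), naive_is_vulnerable(version_str))
    return out


if __name__ == "__main__":
    for name, (numeric, naive) in report().items():
        print(f"{name}: vulnerable={numeric} (naive string compare says {naive})")
```

The 8.9.0.0 sample is the one to watch: the numeric check flags it, while the string comparison says it is already past 8.12.0.0 because "9" sorts after "1".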
📡 Detection & Monitoring
Log Indicators:
- Unusual CLI command patterns
- Multiple failed authentication attempts followed by successful login
- Execution of system-level commands from CLI sessions
Network Indicators:
- Unexpected outbound connections from controllers
- Anomalous traffic patterns from controller management interfaces
SIEM Query:
source="aruba-controller" AND event_type="cli_command" AND (command="*;*" OR command="*`*" OR command="*$(*" OR command="*&&*")
Note the parentheses: without them the OR terms match any command from any source. A bare "*|*" match is deliberately omitted because "|" is a legitimate AOS-8 output filter (show version | include Version); if you include it, exclude the include/exclude/begin filter forms or expect a high false-positive rate.
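As an added example (not from the page, the vendor or any SIEM product), the same detection logic run offline over constructed CLI audit lines, with the output-filter exception applied so that a normal show command with "| include" is not flagged. The "<user>@<src-ip> command: <text>" layout is an assumption for the sample, not the real AOS-8 audit-log format; adjust LOG_LINE to match your exported logs.

```python
import re

# Shell metacharacters that have no business in an AOS-8 management command.
SUSPICIOUS = re.compile(r"[;`]|\$\(|&&|\|\|")

# AOS-8 uses "|" for output filters; strip those before looking for stray pipes.
OUTPUT_FILTER = re.compile(r"\|\s*(include|exclude|begin)\b", re.IGNORECASE)

# Assumed sample layout, not the real AOS-8 audit-log format.
LOG_LINE = re.compile(r"^(?P<user>\S+)@(?P<src>\S+) command: (?P<cmd>.*)$")


def stray_pipe(cmd: str) -> bool:
    """True if cmd contains a '|' that is not an AOS-8 output filter."""
    without_filters = OUTPUT_FILTER.sub("", cmd)
    return "|" in without_filters


def flag_command(cmd: str) -> bool:
    """True when the command text carries shell metacharacters."""
    return bool(SUSPICIOUS.search(cmd)) or stray_pipe(cmd)


def scan(lines) -> list:
    """Return (user, src, cmd) for every parsable line whose command is suspicious."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparsable line; not this detector's job
        if flag_command(m["cmd"]):
            hits.append((m["user"], m["src"], m["cmd"]))
    return hits


# Constructed sample log lines (not captured from a real controller).
SAMPLE_LOG = [
    "admin@10.0.0.5 command: show version | include Version",
    "admin@10.0.0.5 command: show ap database",
    "svc-backup@10.0.0.9 command: show running-config ; id",
    "svc-backup@10.0.0.9 command: ping 8.8.8.8 `id`",
    "ops@10.0.0.7 command: show log security 50 | exclude debug",
    "ops@10.0.0.7 command: show clock $(uname -a)",
    "ops@10.0.0.7 command: show clock | cat /etc/passwd",
]


if __name__ == "__main__":
    for user, src, cmd in scan(SAMPLE_LOG):
        print(f"SUSPICIOUS {user}@{src}: {cmd}")
```

Run on its own it prints the four injected-looking commands and stays quiet on the two legitimate "| include" / "| exclude" filters; the "| cat" line is flagged because the pipe is followed by something other than a known filter keyword.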