HPE wars customers of Sudo flaw in Aruba AirWave Management Platform

Hewlett Packard Enterprise (HPE) warns of a vulnerability in Sudo open-source program used in its Aruba AirWave management platform.

Hewlett Packard Enterprise (HPE) is warning of a high-severity privilege escalation vulnerability in Sudo open-source program used within its Aruba AirWave management platform. The Aruba AirWave management platform is a real-time monitoring and security alert platform designed by HPE.

An unprivileged and unauthenticated local attacker could exploit the vulnerability to gain root privileges on a vulnerable host.

“A vulnerability in the command line parameter parsing code of sudo could allow an attacker with access to sudo to execute commands or binaries with root privileges. The main impact of this vulnerability would be as part of a “chained attack” where an attacker has achieved a foothold with lower privileges via another vulnerability and then uses this to escalate privileges.” reads the security advisory.

Experts warn that this flaw could be chained with other vulnerabilities by an attacker with lower privileges to escalate them once obtained access to the target system.

The CVE-2021-3156 was discovered by Qualys researchers in January, it has allowed any local user to gain root privileges on Unix-like operating systems without authentication.

Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system.

sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser. It originally stood for “superuser do” as the older versions of sudo were designed to run commands only as the superuser.

The Sudo CVE-2021-3156 vulnerability, dubbed Baron Samedit, is a heap-based buffer overflow that was reported on January 13th and disclosed at the end of January to give the development team the time to address the issue.

HPE confirmed that the flaw affected the AirWave management platform prior to version 8.2.13.0 that was released on June 18, 2021.

HPE also provided a workaround for HPE AirWave customers and pointed out that Aruba is not aware of any attacks in the wild against Aruba products exploiting the above vulnerability.

“To minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the CLI and web-based management interfaces for AirWave be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.” concludes the advisory.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2021-3156)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.