Multiple vulnerabilities in dnsmasq implementation in Aruba products



Published: 2021-02-24
Risk Low
Patch available NO
Number of vulnerabilities 3
CVE ID CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
CWE ID CWE-345
CWE-327
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe
Aruba Mobility Controller
Other software / Other software solutions

ArubaOS
Operating systems & Components / Operating system

Vendor Aruba Networks

Security Advisory

1) Insufficient verification of data authenticity

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-25684

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a lack of proper address/port check within the "reply_query" function. A remote attacker can perform a DNS cache poisoning attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address these vulnerabilities.

Vulnerable software versions

Aruba Mobility Controller: All versions

ArubaOS: All versions

CPE External links

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-006.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Use of a broken or risky cryptographic algorithm

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-25685

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a lack of query resource name (RRNAME) checks in the "reply_query" function. A remote attacker can perform a DNS cache poisoning attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address these vulnerabilities.

Vulnerable software versions

Aruba Mobility Controller: All versions

ArubaOS: All versions

CPE External links

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-006.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Insufficient verification of data authenticity

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-25686

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected software does not check for an existing pending request for the same name and forwards a new request. A remote attacker can perform a DNS cache poisoning attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address these vulnerabilities.

Vulnerable software versions

Aruba Mobility Controller: All versions

ArubaOS: All versions

CPE External links

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-006.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###