HPE Aruba Networking Product Security Advisory
==============================================

Advisory ID: HPESBNW04894
CVE: CVE-2025-37103, CVE-2025-37102
Publication Date: 2025-JUL-08
Status: Confirmed
Severity: Critical
Revision: 1

Title
=====
HPE Networking Instant On Access Point Multiple Vulnerabilities

Overview
========
HPE Aruba Networking has released a software patch for HPE Networking
Instant On Access Points that addresses multiple security
vulnerabilities.

Affected Products
=================
HPE Networking Instant On Access Points running software version
- 3.2.0.1 and below

Unaffected Products
===================
- HPE Networking Instant On Switches
- Any other supported HPE Aruba Networking products and supported
  software versions that are not listed under the Affected Products
  section of this advisory

Details
=======

Hardcoded Credential Exposure Allows Unauthorized Access in Web
Interface (CVE-2025-37103)
---------------------------------------------------------------------
Hardcoded login credentials were found in HPE Networking Instant On
Access Points, allowing anyone with knowledge of them to bypass normal
device authentication. Successful exploitation could allow a remote
attacker to gain administrative access to the system.

Internal Reference: ATLWL-566, ATLWL-562
Severity: Critical
CVSS v3.1 Base Score: 9.8
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Discovery: This vulnerability was discovered and reported by ZZ from
Ubisectech Sirius Team through HPE Aruba Networking's Bug Bounty
program.

Workaround: None

Authenticated Command Injection Vulnerability in Instant On Command
Line Interface (CVE-2025-37102)
---------------------------------------------------------------------
An authenticated command injection vulnerability exists in the
command-line interface of HPE Networking Instant On Access Points.
A successful exploitation could allow a remote attacker with elevated
privileges to execute arbitrary commands on the underlying operating
system as a highly privileged user.

Internal References: ATLWL-561
Severity: High
CVSS v3.1 Base Score: 7.2
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Discovery: This vulnerability was discovered and reported by ZZ from
Ubisectech Sirius Team through HPE Aruba Networking's Bug Bounty
program.

Workaround: None

Resolution
==========
Upgrade to HPE Networking Instant On software version 3.2.1.0 and
above.

Please note that Instant On devices started updating automatically
during the week of June 30, 2025. No action is required from customers
for this to occur, but manual upgrades may be triggered via the Instant
On app or web portal after the release date.

Note: These vulnerabilities affect only HPE Networking Instant On
Access Points. HPE Networking Instant On Switches are not affected.

HPE Aruba Networking does not evaluate or patch software branches that
have reached their End of Support Life (EoSL) milestone. For more
information about the HPE Aruba Networking products End of Support
policy, visit:
https://hpe.com/psnow/doc/a00143052enw

Workaround and Mitigations
==========================
Vulnerability-specific workarounds are listed per vulnerability above.
You may contact HPE Services - Aruba Networking for assistance if
needed.

Exploitation and Public Discussion
==================================
HPE Aruba Networking is not aware of any public discussion or exploit
code targeting these specific vulnerabilities as of the release date of
the advisory.
Revision History
================
Revision 1 / 2025-Jul-08 / Initial release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us

For reporting NEW HPE Aruba Networking security issues, email can be
sent to aruba-sirt(at)hpe.com. For sensitive information we encourage
the use of PGP encryption. Our public keys can be found at:
https://www.hpe.com/info/psrt-pgp-key

(c) Copyright 2025 by Hewlett Packard Enterprise Development LP.
This advisory may be redistributed freely after the release date given
at the top of the text, provided that the redistributed copies are
complete and unmodified, including all data and version information.