HPE Aruba Networking Product Security Advisory
==============================================

Advisory ID: HPESBNW05062
CVE: CVE-2024-39894
Publication Date: 2026-JUN-02
Status: FINAL
Severity: High
Revision: 1

Title
=====
OpenSSH Keystroke Obfuscation Bypass in HPE Aruba Networking ArubaOS-CX Switches.

Overview
========
A vulnerability in OpenSSH's ObscureKeystrokeTiming feature (introduced in
version 9.5) renders its keystroke timing obfuscation ineffective because of a
logic error. This may allow attackers to observe keystroke timing patterns even
though the feature is enabled by default.

Affected Products
=================
HPE Aruba Networking ArubaOS-CX Switches
- 10.16.1000 and below
- 10.15.0005 and below
- 10.13.1080 and below
- 10.10.1150 and below

Product software versions that have reached End of Maintenance (EoM) are
presumed to be affected by this vulnerability unless explicitly stated
otherwise, and are not covered by this security advisory.

Unaffected Products
===================
Any other HPE Aruba Networking products and software versions not specifically
listed above are not affected by the OpenSSH Keystroke Obfuscation Bypass
vulnerability.

Details
=======
OpenSSH Keystroke Obfuscation Bypass (CVE-2024-39894)
------------------------------------------------------------
A vulnerability in OpenSSH 9.5 through 9.7 (before 9.8) sometimes allows
timing attacks against echo-off password entry (e.g., for su and sudo) because
of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks
against keystroke entry could occur.
Internal References: VULN-57
Severity: High
CVSS v3.1 Base Score: 7.5
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Discovery:
This vulnerability was discovered and reported by Philippos Giavridis, Jacky
Wei En Kung, Daniel Hugenroth and Alastair Beresford (University of Cambridge).

Resolution
==========
HPE Aruba Networking ArubaOS-CX Switches
- ArubaOS-CX 10.16.xxxx: 10.16.1010 and above
- ArubaOS-CX 10.15.xxxx: 10.15.1010 and above
- ArubaOS-CX 10.13.xxxx: 10.13.1090 and above
- ArubaOS-CX 10.10.xxxx: 10.10.1160 and above

Software versions with fixes for the vulnerability covered above can be
downloaded from the HPE Networking Support Portal at
https://networkingsupport.hpe.com/home/

HPE Aruba Networking does not evaluate or patch software branches that have
reached their End of Maintenance (EoM) milestone. For more information about
the HPE Aruba Networking End of Life policy, please visit:
https://www.hpe.com/psnow/doc/a00143052enw

Workaround
==========
To minimize the likelihood of an attacker exploiting this vulnerability, HPE
Aruba Networking recommends that access to the SSH port on impacted devices be
restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall
policies at layer 3 and above.

Exploitation and Public Discussion
==================================
This CVE has been widely discussed in public. Additional details about this
vulnerability are available at
https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc.
At this time, HPE Aruba Networking is not aware of any publicly available
exploitation tools or techniques that specifically target HPE Aruba Networking
products.
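As an added example (not part of this advisory or of HPE's tooling), the following check classifies an ArubaOS-CX version string against the affected and fixed bounds listed above so that a fleet inventory can be audited; it assumes the major.minor.build version format and treats builds that fall between the two bounds of a branch as indeterminate.

```python
# Added example (not HPE code): classify an ArubaOS-CX version against the
# thresholds in HPESBNW05062. Assumes versions are 'major.minor.build' with a
# numeric, possibly zero-padded build (e.g. 10.15.0005), compared per field.
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Per branch, from the advisory: (highest listed affected, lowest listed fixed).
THRESHOLDS: Dict[Tuple[int, int], Tuple[Version, Version]] = {
    (10, 16): ((10, 16, 1000), (10, 16, 1010)),
    (10, 15): ((10, 15, 5), (10, 15, 1010)),
    (10, 13): ((10, 13, 1080), (10, 13, 1090)),
    (10, 10): ((10, 10, 1150), (10, 10, 1160)),
}


def parse_version(text: str) -> Version:
    """Parse '10.15.0005' -> (10, 15, 5); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.build version: {text!r}")
    major, minor, build = (int(p) for p in parts)  # int() drops zero padding
    return (major, minor, build)


def assess(text: str) -> str:
    """Return 'affected', 'fixed', 'unknown' or 'not-listed' for one version.

    'unknown': build strictly between the "and below" and "and above" bounds,
    which the advisory does not mention. 'not-listed': branch not in the
    advisory; unaffected per the advisory unless it has reached End of
    Maintenance, which HPE presumes affected, so check lifecycle status too.
    """
    version = parse_version(text)
    bounds = THRESHOLDS.get(version[:2])
    if bounds is None:
        return "not-listed"
    last_affected, first_fixed = bounds
    if version <= last_affected:
        return "affected"
    if version >= first_fixed:
        return "fixed"
    return "unknown"


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host of a {hostname: version} inventory to its verdict."""
    return {host: assess(ver) for host, ver in inventory.items()}
```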
Revision History
================
Revision 1 / 2026-JUN-02 / Initial release

HPE Aruba Networking SIRT Security Procedures
============================================
Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at:
http://www.hpe.com/support/security-response-policy

For reporting NEW HPE Aruba Networking security issues, email can be sent to
networking-sirt@hpe.com. For sensitive information we encourage the use of PGP
encryption. Our public keys can be found at:
https://www.hpe.com/info/psrt-pgp-key

(c) Copyright 2026 by Hewlett Packard Enterprise Development LP.
This advisory may be redistributed freely after the release date given at the
top of the text, provided that the redistributed copies are complete and
unmodified, including all data and version information.