ICSA-21-287-07  ·  Published 2022-10-11

Siemens SCALANCE

CVSS 9.8 CRITICAL

Remediations

  • Currently no fix is planned
  • Update to V8.7.1.3 or later version
  • Update to V8.7.1.9 or later version
  • Block access to the ArubaOS Command Line Interface from all untrusted users
  • Block access to the ArubaOS web-based management interface from all untrusted users
  • Block access to the Mobility Conductor Command Line Interface from all untrusted users
  • Enabling the Enhanced PAPI Security feature where available will prevent exploitation of these vulnerabilities. Please contact TAC for assistance if needed.
  • Exploitation requires physical access. Controllers in strictly controlled physical environments are at low risk.
  • In order to minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Also, enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited. Contact Aruba Support for configuration assistance.
  • The RAPConsole or Local Debug homepage can be reached by users in a split or bridge role. This can be prevented by configuring an ACL to restrict access to the Local Debug (LD) homepage which effectively prevents this issue. Instructions on how to implement this ACL can be found at https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/rap/rest-local-deb.htm

Affected Vendors

Siemens

Affected Products (3)

Siemens · SCALANCE W1750D <V8.7.1.3
Siemens · SCALANCE W1750D >=8.7.1.9
Siemens · SCALANCE W1750D >=V8.7.1.3_<V8.7.1.9

Affected Sectors

Multiple
