CVE-2020-24639: AirWave Glass (Command Injection)
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
This vulnerability is caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.
Watch the video to learn more about this and other important vulnerabilities.
1.2 CVSS Score
CVSS Base score of this vulnerability is 9.8. CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.3 Affected Version
Airwave Glass before 1.3.3.
1.4 Vulnerability Attribution
These vulnerabilities were discovered and reported by Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program
1.5 Risk Impact
Airwave Glass, a product of Aruba Networks which is part of HPE, is used to monitor, configure, and control Network devices, such as wireless network devices, controller switches and other third-party devices. Global 1000 customers use this device to control their wireless network and a single node of device can support up to 50000 devices and exploiting this vulnerability can lead to planting backdoor via command injection and affecting the entire organization’s network infrastructure.
AirWave Glass is built from grounds up using the latest cloud computing technologies primarily the ELK (Elastic, Logstash, Kibana) stack. Unlike the master console, Glass aggregates and stores the data that is required to build dashboards and reports onto the platform itself.
There are no publicly available exploits.
1.6 Virsec Security Platform (VSP) Support:
VSP-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.
VSP-Web has capability that can detect all types of OS command injection attack and prevent this attack from being exploited.
1.7 Reference Links:
Download the full vulnerability report to learn more about this and other important vulnerabilities.
Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!