CVE-2021-41003 in CX 6200F Switch Series
Summary
by MITRE • 03/03/2022
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
Analysis
by VulDB Data Team • 03/04/2022
The vulnerability identified as CVE-2021-41003 is a critical command injection flaw in the AOS-CX API interface of Aruba networking equipment, affecting multiple switch series including the 6200F, 6300, 6400, 8320, 8325, 8400 and 8360 models. It sits in the application layer of the operating system and stems from improper input validation in the API endpoints that handle administrative commands. Because no authentication credentials are required, an attacker can execute arbitrary commands on an affected device; this is particularly dangerous where such devices are exposed to untrusted networks or where default credentials remain unchanged. The affected software spans multiple AOS-CX releases (10.06.xx, 10.07.xx, 10.08.xx and 10.09.xx), with the specific patch levels listed in the summary indicating the scope of the issue. The weakness maps to CWE-77, which defines command injection as untrusted data being used to construct command strings that a system shell then executes, and aligns with ATT&CK technique T1059.001 (command and scripting interpreter). The impact goes beyond simple privilege escalation: full administrative control over network infrastructure lets an attacker modify routing tables, disable security features or establish persistent backdoors, and complete control of switch operations can lead to denial of service, data exfiltration or lateral movement. Because the flaw is unauthenticated, any device whose vulnerable API interface is reachable from the internet or from internal networks could be compromised, making it a prime target for automated exploitation campaigns.
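The CWE-77 pattern the analysis describes (untrusted API input concatenated into a command string that a shell executes) is easiest to see side by side with its hardened form. The following is an added illustration written for this page, not AOS-CX code and not taken from Aruba or VulDB: the "link statistics" handler, the `interface` parameter and the allowlist pattern are all invented for the example. The vulnerable builder returns the command line instead of executing it, and a small helper uses `shlex` to show whether a POSIX shell would treat the result as more than one command.

```python
"""Vulnerable vs hardened handling of an API parameter that ends up in an
OS command (the CWE-77 pattern). Added example; the handler, parameter name
and allowlist are assumptions, not AOS-CX internals."""
import re
import shlex
from typing import List

# Separator tokens a POSIX shell uses to chain or pipe commands.
_SHELL_SEPARATORS = {";", "&", "&&", "|", "||"}

# Assumed allowlist for an interface identifier such as 1/1/1 or vlan10.
_IFACE_RE = re.compile(r"^[A-Za-z0-9/._-]{1,31}$")


def build_command_vulnerable(interface: str) -> str:
    """CWE-77: the untrusted parameter is pasted into a shell command line.

    Returned rather than executed so the example is safe to run; a real
    handler would hand this string to a shell (e.g. subprocess with
    shell=True), at which point any metacharacters in `interface` are
    interpreted by the shell."""
    return "ip -s link show " + interface


def build_command_hardened(interface: str) -> List[str]:
    """Validate against a strict allowlist, then return an argv list.

    With an argv list no shell parses the command, so separators and
    quotes in the parameter can never split it into a second command."""
    if not _IFACE_RE.fullmatch(interface):
        raise ValueError("interface name rejected by allowlist")
    return ["ip", "-s", "link", "show", interface]


def shell_would_split(cmdline: str) -> bool:
    """True if a POSIX shell would see more than one command in cmdline.

    shlex with punctuation_chars=True emits ';', '&&', '|' etc. as their
    own tokens, which is exactly the boundary an injected payload exploits."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return any(tok in _SHELL_SEPARATORS for tok in lexer)


if __name__ == "__main__":
    # Constructed inputs: one benign, one carrying a shell separator.
    for param in ("1/1/1", "1/1/1; id"):
        cmd = build_command_vulnerable(param)
        print(f"{param!r:14} -> {cmd!r:32} split={shell_would_split(cmd)}")
        try:
            print("   hardened argv:", build_command_hardened(param))
        except ValueError as exc:
            print("   hardened:", exc)
```

The detection helper is useful on the defensive side as well: running it over request parameters recorded by an API gateway or proxy flags values that would change the structure of a downstream command, independent of which product sits behind the interface.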
Organizations running these switch series face significant risk of network disruption and security breaches, because the vulnerability gives attackers a direct path to run malicious commands on network infrastructure without prior access or credentials. The affected devices typically sit in critical network segments where unauthorized access could cause widespread service disruption and potential data loss. Network administrators should immediately assess their deployment of these switch models and apply mitigations including firmware updates, network segmentation and API access controls. The vulnerability underlines the importance of input validation and authentication in network device management interfaces and the need for robust security practices in embedded systems and network infrastructure components. Aruba has addressed the issue through firmware updates, but organizations must verify that every affected device has actually been updated and that the installed firmware version contains the fix. Successful exploitation could have significant operational impact, including complete network compromise and persistent attacker access to network infrastructure, so prompt remediation is essential for maintaining security posture and defending against advanced persistent threats.
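Verifying that every affected device is actually on a fixed build means comparing each switch's reported version against the ceilings in the summary (10.06.0170, 10.07.0050, 10.08.1030 and 10.09.0002 and below). The checker below is an added example for that inventory step, not a tool from Aruba or VulDB. It encodes only the ceilings the advisory lists; a version from a branch the advisory does not mention is reported as "unlisted" rather than assumed safe. The optional two-letter build prefix it tolerates (e.g. `FL.10.08.1030`) and the sample inventory rows are assumptions constructed for the example.

```python
"""Check AOS-CX version strings against the CVE-2021-41003 affected ranges.

Added example; the ceilings come from the advisory summary, the prefix
handling and the sample inventory are assumptions made for this example."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Highest affected build per AOS-CX branch, exactly as stated in the advisory.
AFFECTED_MAX: Dict[Tuple[int, int], Version] = {
    (10, 6): (10, 6, 170),    # 10.06.0170 and below
    (10, 7): (10, 7, 50),     # 10.07.0050 and below
    (10, 8): (10, 8, 1030),   # 10.08.1030 and below
    (10, 9): (10, 9, 2),      # 10.09.0002 and below
}

# Assumption: a version may be preceded by a two-letter build prefix and may
# be embedded in longer `show version` output; only the numeric triple matters.
_VERSION_RE = re.compile(r"(?:[A-Z]{2}\.)?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract major.minor.build as integers (leading zeros are not significant)."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no AOS-CX version found in {text!r}")
    major, minor, build = (int(x) for x in m.groups())
    return (major, minor, build)


def is_affected(text: str) -> Optional[bool]:
    """True if at or below the listed ceiling for its branch, False if above,
    None if the branch is not listed by the advisory (do not assume safe)."""
    version = parse_version(text)
    ceiling = AFFECTED_MAX.get(version[:2])
    if ceiling is None:
        return None
    return version <= ceiling


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Sort (hostname, version-string) rows into remediation buckets."""
    buckets: Dict[str, List[str]] = {"affected": [], "fixed": [], "unlisted": []}
    for host, version_text in inventory:
        state = is_affected(version_text)
        key = "unlisted" if state is None else ("affected" if state else "fixed")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    # Constructed inventory rows, not real devices.
    sample = [
        ("core-sw-01", "Version : FL.10.08.1030"),
        ("core-sw-02", "FL.10.08.1040"),
        ("edge-sw-07", "10.09.0002"),
        ("edge-sw-08", "10.09.0010"),
        ("lab-sw-01", "10.05.0010"),
    ]
    for bucket, hosts in triage(sample).items():
        print(f"{bucket:9}: {', '.join(hosts) or '-'}")
```

Because the advisory enumerates four branches with a ceiling each, the tuple comparison does the whole job once the branch is known; the important design choice is returning `None` for an unlisted branch so that a device running, say, a 10.05 build is surfaced for manual review instead of silently counted as fixed.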