A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.
Weakness
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Arubaos | Arubanetworks | 6.5.4.0 (including) | 8.10.0.21 (including) |
| Arubaos | Arubanetworks | 8.11.0.0 (including) | 8.12.0.6 (including) |
| Arubaos | Arubanetworks | 8.13.0.0 (including) | 8.13.1.1 (including) |
| Arubaos | Arubanetworks | 10.3.0.0 (including) | 10.4.1.10 (including) |
| Arubaos | Arubanetworks | 10.5.0.0 (including) | 10.7.2.2 (including) |
| Arubaos | Arubanetworks | 10.8.0.0 (including) | 10.8.0.0 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/466.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/589.html
- https://cwe.mitre.org/data/definitions/590.html
- https://cwe.mitre.org/data/definitions/612.html
- https://cwe.mitre.org/data/definitions/613.html
- https://cwe.mitre.org/data/definitions/615.html
- https://cwe.mitre.org/data/definitions/662.html
- https://cwe.mitre.org/data/definitions/94.html
References
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US