{"id":4033,"date":"2021-12-21T11:51:16","date_gmt":"2021-12-21T03:51:16","guid":{"rendered":"https:\/\/www.udshk.com\/?page_id=4033"},"modified":"2021-12-24T11:35:24","modified_gmt":"2021-12-24T03:35:24","slug":"log4j-vulnerabilities-aruba-resolutions","status":"publish","type":"page","link":"https:\/\/www.udshk.com\/?page_id=4033","title":{"rendered":"Log4J Vulnerabilities &#8211; Aruba Resolutions"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"4033\" class=\"elementor elementor-4033\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5d606b0 elementor-section-height-min-height elementor-section-items-top elementor-section-boxed elementor-section-height-default\" data-id=\"5d606b0\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b1e2f06\" data-id=\"b1e2f06\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fcf7e67 elementor-widget elementor-widget-image\" data-id=\"fcf7e67\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.udshk.com\/wp-content\/uploads\/2021\/08\/aruba_new.png\" class=\"attachment-medium size-medium\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2f21f8 elementor-widget elementor-widget-heading\" data-id=\"d2f21f8\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Log4J Vulnerabilities - Aruba Resolutions (Updated to 20 Dec 2021)<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0abba13 elementor-widget elementor-widget-text-editor\" data-id=\"0abba13\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The information provided below is referred from <a href=\"https:\/\/www.arubanetworks.com\/assets\/alert\/ARUBA-PSA-2021-019.txt\">https:\/\/www.arubanetworks.com\/assets\/alert\/ARUBA-PSA-2021-019.txt<\/a>, <a href=\"https:\/\/sirt.arubanetworks.com\/mailman\/listinfo\/security-alerts_sirt.arubanetworks.com\">https:\/\/sirt.arubanetworks.com\/mailman\/listinfo\/security-alerts_sirt.arubanetworks.com<\/a>,\u00a0<a href=\"https:\/\/www.arubanetworks.com\/website\/techdocs\/sdwan\/docs\/advisories\/media\/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf\">https:\/\/www.arubanetworks.com\/website\/techdocs\/sdwan\/docs\/advisories\/media\/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf<\/a> and <a href=\"https:\/\/www.arubanetworks.com\/support-services\/security-bulletins\/\">https:\/\/www.arubanetworks.com\/support-services\/security-bulletins\/<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53779d0 elementor-tabs-view-horizontal elementor-widget elementor-widget-tabs\" data-id=\"53779d0\" data-element_type=\"widget\" data-widget_type=\"tabs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-tabs\">\n\t\t\t<div class=\"elementor-tabs-wrapper\" role=\"tablist\" >\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8751\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8752\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8753\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8754\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8755\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Aruba Product<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8756\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Unaffected Amazon Products<\/div>\n\t\t\t\t\t\t\t\t\t<div id=\"elementor-tab-title-8757\" class=\"elementor-tab-title elementor-tab-desktop-title\" aria-selected=\"false\" data-tab=\"7\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8757\" aria-expanded=\"false\">Aruba SIRT Security Procedures<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"elementor-tabs-content-wrapper\" role=\"tablist\" aria-orientation=\"vertical\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"true\" data-tab=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"elementor-tab-content-8751\" aria-expanded=\"false\">CVE Number<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8751\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8751\" tabindex=\"0\" hidden=\"false\"><ul>\n \t<li><a style=\"pointer-events: none; cursor: default; text-decoration: none; color: black;\" href=\"\u201c#\u201d\"> 2021-44228<\/a><\/li>\n \t<li><a style=\"pointer-events: none; cursor: default; text-decoration: none; color: black;\" href=\"\u201c#\u201d\"> 2021-45046<\/a><\/li>\n<\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8752\" aria-expanded=\"false\">Discovery Date<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8752\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8752\" tabindex=\"0\" hidden=\"hidden\"><ul><li>Not provided<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8753\" aria-expanded=\"false\">Threat Level<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8753\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8753\" tabindex=\"0\" hidden=\"hidden\"><ul><li>Critical<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8754\" aria-expanded=\"false\">Response to Log4j<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8754\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8754\" tabindex=\"0\" hidden=\"hidden\"><p class=\"s5\">Since the discovery of these vulnerabilities, Aruba SIRT has been closely monitoring these threats and how they may affect Aruba products. Aruba SIRT consulted with the product teams, and Aruba Threat Labs performed various tests using POC (Proof of Concept) code against products.<\/p><p class=\"s5\">Although some Aruba products use the log4j library, none of them use it in a way that makes them vulnerable to CVE-2021-44228 and CVE-2021-45046. The conclusion of the investigation is that the products listed in the \u201cUnaffected Products\u201d tab are not vulnerable to CVE-2021-44228 and CVE-2021-45046.<\/p><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8755\" aria-expanded=\"false\">Affected Aruba Product<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8755\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"5\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8755\" tabindex=\"0\" hidden=\"hidden\"><ul><li>All Silver Peak Orchestrator and legacy GMS products.<\/li><\/ul><\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8756\" aria-expanded=\"false\">Unaffected Amazon Products<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8756\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"6\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8756\" tabindex=\"0\" hidden=\"hidden\"><ul>\n \t<li>AirWave Management Platform<\/li>\n \t<li>Aruba Analytics and Location Engine<\/li>\n \t<li>Aruba Central \/ Central On-Premises<\/li>\n \t<li>Aruba ClearPass Policy Manager<\/li>\n \t<li>Aruba Instant \/ Aruba Instant Access Points<\/li>\n \t<li>Aruba Instant On<\/li>\n \t<li>Aruba Fabric Composer (AFC) and Plexxi Composable Fabric Manager (CFM)<\/li>\n \t<li>Aruba NetEdit<\/li>\n \t<li>Aruba User Experience Insight (UXI)<\/li>\n \t<li>ArubaOS Wi-Fi Controllers and Gateways<\/li>\n \t<li>ArubaOS SD-WAN Gateways<\/li>\n \t<li>ArubaOS-CX Switches<\/li>\n \t<li>ArubaOS-S Switches<\/li>\n \t<li>HP ProCurve Switches<\/li>\n \t<li>Aruba VIA Client<\/li>\n<\/ul>\n\nOther Aruba products not listed above are also not known to be affected by\nthe vulnerability.<\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-tab-title elementor-tab-mobile-title\" aria-selected=\"false\" data-tab=\"7\" role=\"tab\" tabindex=\"-1\" aria-controls=\"elementor-tab-content-8757\" aria-expanded=\"false\">Aruba SIRT Security Procedures<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8757\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"7\" role=\"tabpanel\" aria-labelledby=\"elementor-tab-title-8757\" tabindex=\"0\" hidden=\"hidden\"><p class=\"s5\"><span class=\"s32\">To receive Security Advisory updates, subscribe to notifications at https:\/\/sirt.arubanetworks.com\/mailman\/listinfo\/security-alerts_sirt.arubanetworks.com Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at: <\/span><\/p><p class=\"s13\"><a class=\"s32\" href=\"https:\/\/www.arubanetworks.com\/support-services\/security-bulletins\/\">https:\/\/www.arubanetworks.com\/support-services\/security-bulletins\/<\/a><\/p><p><span class=\"s29\">For reporting *NEW* Aruba Networks security issues, email can be sent to <\/span><span class=\"s29\">aruba-sirt<\/span><span class=\"s29\">(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at:<\/span><\/p><p><span class=\"s29\"> <a href=\"https:\/\/www.arubanetworks.com\/support-services\/security-bulletins\/\">https:\/\/www.arubanetworks.com\/support-services\/security-bulletins\/<\/a><\/span><\/p><\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Log4J Vulnerabilities &#8211; Aruba Resolutions (Updated to 20 Dec 2021) The information provided below is referred from https:\/\/www.arubanetworks.com\/assets\/alert\/ARUBA-PSA-2021-019.txt, https:\/\/sirt.arubanetworks.com\/mailman\/listinfo\/security-alerts_sirt.arubanetworks.com,\u00a0https:\/\/www.arubanetworks.com\/website\/techdocs\/sdwan\/docs\/advisories\/media\/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf and https:\/\/www.arubanetworks.com\/support-services\/security-bulletins\/. CVE Number Discovery Date Threat Level Response to Log4j Affected Aruba Product Unaffected Amazon Products Aruba SIRT Security Procedures CVE Number 2021-44228 2021-45046 Discovery Date Not provided Threat Level Critical Response to Log4j Since [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-4033","page","type-page","status-publish","hentry","entry","owp-thumbs-layout-horizontal","owp-btn-normal","owp-tabs-layout-horizontal","has-no-thumbnails","has-product-nav"],"_links":{"self":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4033"}],"version-history":[{"count":13,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4033\/revisions"}],"predecessor-version":[{"id":4190,"href":"https:\/\/www.udshk.com\/index.php?rest_route=\/wp\/v2\/pages\/4033\/revisions\/4190"}],"wp:attachment":[{"href":"https:\/\/www.udshk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}