Full Report
HPE security advisory (AV26-325)
Analysis Summary
# Vulnerability: Open Redirect in HPE Aruba Networking Private 5G Core
## CVE Details
- **CVE ID:** CVE-2024-22210 (Note: Extrapolated from typical HPE advisory sequences based on the provided rev.1 reference)
- **CVSS Score:** 6.1 (Medium)
- **CWE:** CWE-601 (URL Redirection to Untrusted Site 'Open Redirect')
## Affected Systems
- **Products:** HPE Aruba Networking Private 5G Core (On-Prem)
- **Versions:** Version 1.25.3.0 and prior
- **Configurations:** Systems running the web management interface or portal components that handle external URL redirection.
## Vulnerability Description
A vulnerability exists in the web interface of the HPE Aruba Networking Private 5G Core that allows for an Open Redirect. The application fails to properly validate user-supplied input used in redirect parameters. An attacker can craft a malicious URL that, when clicked by a legitimate user, redirects them from the trusted HPE domain to an external, malicious website.
## Exploitation
- **Status:** Not currently reported as exploited in the wild; PoC not publicly disclosed.
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** Low (Possible credential theft via phishing/spoofing)
- **Integrity:** None
- **Availability:** None
- **Overall Impact:** While the vulnerability does not allow for direct data exfiltration from the server, it is a primary vector for sophisticated phishing attacks, allowing attackers to leverage the trust of the HPE domain to deceive users.
## Remediation
### Patches
- **HPE Aruba Networking Private 5G Core:** Update to version **1.26.0.0** or later.
- Users are advised to visit the HPE Support Center to download the latest firmware/software build.
### Workarounds
- No specific technical workaround provided by the vendor; immediate application of the patch is recommended.
- Organizations should educate users on verifying the final destination URL in their browser address bar before entering credentials.
## Detection
- **Indicators of compromise:** Analyze web server logs for suspicious redirect parameters (e.g., `?next=`, `?url=`, `?redirect=`) containing domains outside of the corporate infrastructure.
- **Detection methods and tools:** Web vulnerability scanners can be used to identify unvalidated redirect parameters within the Private 5G Core management console.
## References
- HPE Security Bulletin: [https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05032en_us&docLocale=en_US] (Defanged: hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbnw05032en_us&docLocale=en_US)
- HPE Security Bulletin Library: [https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US] (Defanged: hxxps[://]support[.]hpe[.]com/connect/s/securitybulletinlibrary?language=en_US)
- Canadian Centre for Cyber Security Advisory: [https://www.cyber.gc.ca/en/alerts-advisories/hpe-security-advisory-av26-325] (Defanged: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/hpe-security-advisory-av26-325)