Adrian Collier - Technology

Aruba Apache log4j Library Vulnerabilities for Silver Peak and Aruba IntroSpect

Aruba just released the following update regarding the Apache log4j library vulnerabilities. If you’re running a Silver Peak Orchestrator or other GMS products and/or Aruba IntroSpect this will be of interest to you.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Aruba Product Security Advisory
===============================
Advisory ID: ARUBA-PSA-2021-019
CVE: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832 Publication Date: 2021-Dec-13 Last Update: 2022-Jan-11
Status: Confirmed
Severity: Critical
Revision: 3




Title
=====
Apache log4j library vulnerabilities



Overview
========
Five CVEs have been published about various vulnerabilities discovered in the Apache log4j library.


Details can be found at:
CVE-2021-44228 https://nvd.nist.gov/vuln/detail/CVE-2021-44228
CVE-2021-45046 https://nvd.nist.gov/vuln/detail/CVE-2021-45046
CVE-2021-45105 https://nvd.nist.gov/vuln/detail/CVE-2021-45105
CVE-2021-4104 https://nvd.nist.gov/vuln/detail/CVE-2021-4104
CVE-2021-44832 https://nvd.nist.gov/vuln/detail/CVE-2021-44832




Affected Products
=================
-- All Silver Peak Orchestrator and legacy GMS products. For details visit:
https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf


-- Aruba IntroSpect: Versions 2.5.0.0 to 2.5.0.6




Unaffected Products
===================
-- AirWave Management Platform
-- Aruba Analytics and Location Engine
-- Aruba Central / Central On-Premises
-- Aruba ClearPass Policy Manager
-- Aruba Instant / Aruba Instant Access Points
-- Aruba Instant On
-- Aruba Fabric Composer (AFC) and Plexxi Composable Fabric Manager (CFM)
-- Aruba NetEdit
-- Aruba User Experience Insight (UXI)
-- ArubaOS Wi-Fi Controllers and Gateways
-- ArubaOS SD-WAN Gateways
-- ArubaOS-CX Switches
-- ArubaOS-S Switches
-- HP ProCurve Switches
-- Aruba VIA Client


Other Aruba products not listed above are also not known to be affected by the vulnerability.




Details
=======
Since the discovery of these vulnerabilities, Aruba SIRT has been closely monitoring these threats and how they may affect Aruba products. Aruba SIRT consulted with the product teams, and Aruba Threat Labs performed various tests using POC (Proof of Concept) code against products.


Although some Aruba products use the log4j library, none of them use it in a way that makes them vulnerable the published vulnerabilities.
The conclusion of the investigation is that the products listed above under the Unaffected Products section are not vulnerable to these vulnerabilities.
If new information is discovered, this advisory will be updated.




Resolution
==========
Aruba IntroSpect: Version 2.5.0.7 and above




Exploitation and Public Discussion
==================================
These vulnerabilities are being widely discussed in public.
(POC) Proof of Concept code is also available for some of them.




Revision History
================
Revision 1 / 2021-Dec-13 / Initial release Revision 2 / 2021-Dec-17 / CVE-2021-45046 added; update on Silver Peak Orchestrator  Listing additional Aruba products in Unaffected Products Revision 3 / 2022-Jan-11 / CVE-2021-45105, CVE-2021-4104 and CVE-2021-44832 added  IntroSpect added to Affected Products  Overview, Details and Exploitation and Public Discussion Sections updated Resolution section added




Aruba SIRT Security Procedures
==============================
To receive Security Advisory updates, subscribe to notifications at https://sirt.arubanetworks.com/mailman/listinfo/security-alerts_sirt.arubanetworks.com


Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at:


https://www.arubanetworks.com/support-services/security-bulletins/




For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found
at:


https://www.arubanetworks.com/support-services/security-bulletins/




(c) Copyright 2022 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.
-----BEGIN PGP SIGNATURE-----


iQEzBAEBCAAdFiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAmHYdvAACgkQmP4JykWF
htkM9wf9HU7s0SoLlYb9Osbln6UdiGeUMiGvg5rIHFH394aw2vPNCM5pCH2J/DSb
g8iXSnFBy1SfQemcCfOREN1jJVABTiZPcLj+hL8RYW8incLPxJZJb98mFtIzEqHL
wzoQB6cbbzVyptDM2CusbRp2j/Kk2c9+07BnDWbsAQedBoK5AGjqAykE4cO22uvd
4M9e2CQBiNEAL+7o5au6qMFFay3cI7EOZhI57jBHi8toaWxIRrXZzmcdPTzI6/wB
Ro6ZG3RRHV27fAzA/h0t9UOdGcVnSs1j3Z5pByw6D48svfnR891Mc4ufUDvE901r
ciMjlT8vbed4D/ankQ98dCmEEWh2Kw==
=4vfn
-----END PGP SIGNATURE-----

January 11, 2022

Windows 10/11 Copy Paste Issues

I have been dealing with copy paste issues lately and it has been highly disruptive to my workflow. At first the issue appeared to intermittently happen when using CTRL + C, CTRL + X, and/or CTRL + V. Since I needed to get work done I just plowed through it trying multiple copy and paste attempts before it finally took. After months of doing this I finally broke down and started using the right click context menu to select copy and paste manually. Not only was it slow, it required extra unnecessary work. The only issue, I still had the copy and paste issues. My initial trouble shooting would lead me to believe that it was a hardware issue with the keyboard, driver issue with the keyboard, Windows 10/11 update issue. Once I learned that the right click solution would lead to the exact same issues all of those previous considerations were thrown out the window.

Fast forward to today I finally broke down and began to troubleshoot to determine the root cause and I think I found the issue. Depending on the make and model of your motherboard you may have hardware and/or software that utilizes Sonic Studio III, Sonic Radar III, and DTS Sound Unbound. If you proceed further down that rabbit hole you may learn that the previous listed components also utilize drivers from Nahimic and/or A-Volute. It is these drivers that are responsible for the copy and paste issues as well as possible system stability issues. Remove the software and drivers and your copy and paste issues magically disappear. Use the following steps to clean your system from these software and driver components.

Uninstall Sonic Studio III, Sonic Radar III, and DTS Sound Unbound from Start > Settings > Apps if applicable. Next you will want to download a program (DriverStore Explorer) to manually remove the drivers from your system. Run DriveStore Explorer (Rapr.exe) as an administrator and remove any drivers from A-Volute and/or DTS. Make sure you get them all since they may be labeled with different providers. When you find and check all drivers that we need to remove make sure you select the “Force Deletion” option and finally “Delete Driver(s)”.

Next we need to open Device Manager, select “Show hidden devices” under the “View” menu and remove any devices related to DTS. Once complete restart your system and all should be good. As a sanity check you may want to verify that Sonic Studio, Sonic Radar, DTS Sound Unbound, and/or Nahimic is not running under task manager. Congrats, you finally have copy and paste working again. One thing to note, if you update drivers in the future, these software, service, and driver components may be reinstalled. Unfortunately you’ll need to redo this process or permanently disable the ability for Windows to auto update these components.

January 06, 2022

ASUS Acknowledges ROG MAXIMUS Z690 HERO Issues

Looks like Tom’s Hardware was able to get an update from ASUS regarding the issues with the ASUS ROG MAXIMUS Z690 HERO. Link below.

ASUS’s Statement

Post from Juan Jose Guerrero III from the ASUS PC DIY Group.

December 29, 2021

ASUS ROG STRIX Z690-E GAMING WIFI - Event 17, WHEA-Logger (Update)

After troubleshooting I decided to move the M.2 from slot M.2_1 to slot M.2_3. The thinking behind this was to move the M.2 SSID off the Intel 12th Gen Processor lanes to the Intel Z690 Chipset lanes. I was on BIOS version 0702 and it immediately began detecting both the M.2 SSID and GPU. I flashed the BIOS back to version 0811 and reinstalled all of the drivers. So far I'm back in business, however, skeptical. Everything ran great initially when using the M.2_1 slot then after some period of time things started to go south. fingers crossed.

December 29, 2021

ASUS ROG STRIX Z690-E GAMING WIFI - Event 17, WHEA-Logger

I'm having issues with the ROG STRIX Z690-E GAMING WIFI build. Had everything up and running and what appeared to be stable. After a few hours came back and something didn't feel right. The PC kept stuttering. I checked the event viewer and saw a bunch of Event 17, WHEA-Logger errors...

A corrected hardware error has occurred.

Component: PCI Express Root Port

Error Source: Advanced Error Reporting (PCI Express)

Primary Bus:Device:Function: 0x0:0x1:0x1
Secondary Bus:Device:Function: 0x0:0x0:0x0
Primary Device Name:PCI\VEN_8086&DEV_462D&SUBSYS_86941043&REV_02
Secondary Device Name:

A reboot will fix this right? Reload and nothing, just a blank screen and a lovely D6 error. After further investigation I noticed that the motherboard doesn't recognize the NVMe drive either. After resetting the BIOS (0811) with no luck I down graded to 0803 then 0702 before I gave up. Did I fry my NVMe drive? Did my GPU blow up?

Transferred everything back to the old rig and it boots up perfectly. No clue what's going on but pretty disappointed with ASUS right now. First the Z690 HERO and now the Z690-E.

I've searched high and low and can't find anything related to this issue. Has anyone also experienced the same or know how to get the NVMe drives detected?

December 29, 2021