[security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzUxZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiaGYwMzc1MWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw
Mzc1MSByZXYuMSAtIEhQRSBBcnViYSBBaXJXYXZlIEdsYXNzLCBSZW1vdGUgQ29kZSBF
eGVjdXRpb24NCg0KTk9USUNFOiBUaGUgaW5mb3JtYXRpb24gaW4gdGhpcyBTZWN1cml0
eSBCdWxsZXRpbiBzaG91bGQgYmUgYWN0ZWQgdXBvbiBhcw0Kc29vbiBhcyBwb3NzaWJs
ZS4NCg0KUmVsZWFzZSBEYXRlOiAyMDE3LTA1LTI0DQpMYXN0IFVwZGF0ZWQ6IDIwMTct
MDUtMjQNCg0KUG90ZW50aWFsIFNlY3VyaXR5IEltcGFjdDogUmVtb3RlOiBDb2RlIEV4
ZWN1dGlvbg0KDQpTb3VyY2U6IEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlLCBQcm9k
dWN0IFNlY3VyaXR5IFJlc3BvbnNlIFRlYW0NCg0KVlVMTkVSQUJJTElUWSBTVU1NQVJZ
DQpBIHBvdGVudGlhbCB2dWxuZXJhYmlsaXR5IGluIEhQRSBBcnViYSBBaXJXYXZlIEds
YXNzIDEuMC4wIGFuZCAxLjAuMSBjb3VsZCBiZQ0KcmVtb3RlbHkgZXhwbG9pdGVkIHRv
IGFsbG93IHJlbW90ZSBjb2RlIGV4ZWN1dGlvbi4NCg0KUmVmZXJlbmNlczoNCg0KICAt
IENWRS0yMDE3LTg5NDYgLSByZW1vdGUgY29kZSBleGVjdXRpb24NCg0KU1VQUE9SVEVE
IFNPRlRXQVJFIFZFUlNJT05TKjogT05MWSBpbXBhY3RlZCB2ZXJzaW9ucyBhcmUgbGlz
dGVkLg0KDQogIC0gQXJ1YmEgQWlyd2F2ZSBTb2Z0d2FyZSBHbGFzcyB2MS4wLjAgYW5k
IDEuMC4xIC0gT25seSBBaXJXYXZlIEdsYXNzIGlzDQphZmZlY3RlZDsgc3RhbmRhcmQg
QWlyV2F2ZSBpcyBub3QNCg0KQkFDS0dST1VORA0KDQogIENWU1MgQmFzZSBNZXRyaWNz
DQogID09PT09PT09PT09PT09PT09DQogIFJlZmVyZW5jZSwgQ1ZTUyBWMyBTY29yZS9W
ZWN0b3IsIENWU1MgVjIgU2NvcmUvVmVjdG9yDQoNCiAgICBDVkUtMjAxNy04OTQ2DQog
ICAgICA3LjUgQ1ZTUzozLjAvQVY6Ti9BQzpIL1BSOk4vVUk6Ui9TOkMvQzpML0k6TC9B
OkgNCiAgICAgIDYuNiAoQVY6Ti9BQzpIL0F1Ok4vQzpQL0k6UC9BOkMpDQoNCiAgICBJ
bmZvcm1hdGlvbiBvbiBDVlNTIGlzIGRvY3VtZW50ZWQgaW4NCiAgICBIUEUgQ3VzdG9t
ZXIgTm90aWNlIEhQU04tMjAwOC0wMDIgaGVyZToNCg0KaHR0cHM6Ly9oMjA1NjQud3d3
Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9kaXNwbGF5P2RvY0lkPWVtcl9uYS1jMDEz
NDU0OTkNCg0KUkVTT0xVVElPTg0KDQpIUEUgQXJ1YmEgaGFzIHByb3ZpZGVkIHRoZSBy
ZXNvbHV0aW9uIHRvIHRoZSB2dWxuZXJhYmlsaXR5IHZpYSBBaXJXYXZlIEdsYXNzDQp2
ZXJzaW9uIDEuMC4xLTEuIA0KDQpBIG5ldyBPVkEgZmlsZSBpcyBhdmFpbGFibGUgZnJv
bSA8aHR0cHM6Ly9zdXBwb3J0LmFydWJhbmV0d29ya3MuY29tPiwgb3IgdGhlDQpzeXN0
ZW0gbWF5IGJlIHVwZ3JhZGVkIHdpdGhpbiB0aGUgYXBwbGljYXRpb24gdGhyb3VnaCB0
aGUgYWRtaW5pc3RyYXRpdmUNCmludGVyZmFjZS4gIEJlY2F1c2UgYW4gZXhpc3Rpbmcg
Y29tcHJvbWlzZSBtYXkgYmUgZGlmZmljdWx0IHRvIGRldGVjdCwNCioqQXJ1YmEgc3Ry
b25nbHkgcmVjb21tZW5kcyBkb3dubG9hZGluZyB0aGUgT1ZBIGZpbGUgYW5kIGRlcGxv
eWluZyBhIGZyZXNoDQppbnN0YWxsYXRpb24gb2YgdGhlIHByb2R1Y3QuKioNCg0KICoq
Tm90ZToqKiBQbGVhc2UgY29udGFjdCBwcm9kdWN0IHN1cHBvcnQgZm9yIHF1ZXN0aW9u
cyBhYm91dCB0aGlzDQpyZXNvbHV0aW9uLg0KDQpISVNUT1JZDQpWZXJzaW9uOjEgKHJl
di4xKSAtIDI1IE1heSAyMDE3IEluaXRpYWwgcmVsZWFzZQ0KDQpUaGlyZCBQYXJ0eSBT
ZWN1cml0eSBQYXRjaGVzOiBUaGlyZCBwYXJ0eSBzZWN1cml0eSBwYXRjaGVzIHRoYXQg
YXJlIHRvIGJlDQppbnN0YWxsZWQgb24gc3lzdGVtcyBydW5uaW5nIEhld2xldHQgUGFj
a2FyZCBFbnRlcnByaXNlIChIUEUpIHNvZnR3YXJlDQpwcm9kdWN0cyBzaG91bGQgYmUg
YXBwbGllZCBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIGN1c3RvbWVyJ3MgcGF0Y2ggbWFu
YWdlbWVudA0KcG9saWN5Lg0KDQpTdXBwb3J0OiBGb3IgaXNzdWVzIGFib3V0IGltcGxl
bWVudGluZyB0aGUgcmVjb21tZW5kYXRpb25zIG9mIHRoaXMgU2VjdXJpdHkNCkJ1bGxl
dGluLCBjb250YWN0IG5vcm1hbCBIUEUgU2VydmljZXMgc3VwcG9ydCBjaGFubmVsLiBG
b3Igb3RoZXIgaXNzdWVzIGFib3V0DQp0aGUgY29udGVudCBvZiB0aGlzIFNlY3VyaXR5
IEJ1bGxldGluLCBzZW5kIGUtbWFpbCB0byBzZWN1cml0eS1hbGVydEBocGUuY29tLg0K
DQpSZXBvcnQ6IFRvIHJlcG9ydCBhIHBvdGVudGlhbCBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IGZvciBhbnkgSFBFIHN1cHBvcnRlZA0KcHJvZHVjdDoNCiAgV2ViIGZvcm06IGh0
dHBzOi8vd3d3LmhwZS5jb20vaW5mby9yZXBvcnQtc2VjdXJpdHktdnVsbmVyYWJpbGl0
eQ0KICBFbWFpbDogc2VjdXJpdHktYWxlcnRAaHBlLmNvbQ0KDQpTdWJzY3JpYmU6IFRv
IGluaXRpYXRlIGEgc3Vic2NyaXB0aW9uIHRvIHJlY2VpdmUgZnV0dXJlIEhQRSBTZWN1
cml0eSBCdWxsZXRpbg0KYWxlcnRzIHZpYSBFbWFpbDogaHR0cDovL3d3dy5ocGUuY29t
L3N1cHBvcnQvU3Vic2NyaWJlcl9DaG9pY2UNCg0KU2VjdXJpdHkgQnVsbGV0aW4gQXJj
aGl2ZTogQSBsaXN0IG9mIHJlY2VudGx5IHJlbGVhc2VkIFNlY3VyaXR5IEJ1bGxldGlu
cyBpcw0KYXZhaWxhYmxlIGhlcmU6IGh0dHA6Ly93d3cuaHBlLmNvbS9zdXBwb3J0L1Nl
Y3VyaXR5X0J1bGxldGluX0FyY2hpdmUNCg0KU29mdHdhcmUgUHJvZHVjdCBDYXRlZ29y
eTogVGhlIFNvZnR3YXJlIFByb2R1Y3QgQ2F0ZWdvcnkgaXMgcmVwcmVzZW50ZWQgaW4N
CnRoZSB0aXRsZSBieSB0aGUgdHdvIGNoYXJhY3RlcnMgZm9sbG93aW5nIEhQU0IuDQoN
CjNDID0gM0NPTQ0KM1AgPSAzcmQgUGFydHkgU29mdHdhcmUNCkdOID0gSFBFIEdlbmVy
YWwgU29mdHdhcmUNCkhGID0gSFBFIEhhcmR3YXJlIGFuZCBGaXJtd2FyZQ0KTVUgPSBN
dWx0aS1QbGF0Zm9ybSBTb2Z0d2FyZQ0KTlMgPSBOb25TdG9wIFNlcnZlcnMNCk9WID0g
T3BlblZNUw0KUFYgPSBQcm9DdXJ2ZQ0KU1QgPSBTdG9yYWdlIFNvZnR3YXJlDQpVWCA9
IEhQLVVYDQoNCkNvcHlyaWdodCAyMDE2IEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNl
DQoNCkhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHNoYWxsIG5vdCBiZSBsaWFibGUg
Zm9yIHRlY2huaWNhbCBvciBlZGl0b3JpYWwNCmVycm9ycyBvciBvbWlzc2lvbnMgY29u
dGFpbmVkIGhlcmVpbi4gVGhlIGluZm9ybWF0aW9uIHByb3ZpZGVkIGlzIHByb3ZpZGVk
DQoiYXMgaXMiIHdpdGhvdXQgd2FycmFudHkgb2YgYW55IGtpbmQuIFRvIHRoZSBleHRl
bnQgcGVybWl0dGVkIGJ5IGxhdywgbmVpdGhlcg0KSFAgb3IgaXRzIGFmZmlsaWF0ZXMs
IHN1YmNvbnRyYWN0b3JzIG9yIHN1cHBsaWVycyB3aWxsIGJlIGxpYWJsZSBmb3INCmlu
Y2lkZW50YWwsc3BlY2lhbCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgaW5jbHVkaW5n
IGRvd250aW1lIGNvc3Q7IGxvc3QNCnByb2ZpdHM7IGRhbWFnZXMgcmVsYXRpbmcgdG8g
dGhlIHByb2N1cmVtZW50IG9mIHN1YnN0aXR1dGUgcHJvZHVjdHMgb3INCnNlcnZpY2Vz
OyBvciBkYW1hZ2VzIGZvciBsb3NzIG9mIGRhdGEsIG9yIHNvZnR3YXJlIHJlc3RvcmF0
aW9uLiBUaGUNCmluZm9ybWF0aW9uIGluIHRoaXMgZG9jdW1lbnQgaXMgc3ViamVjdCB0
byBjaGFuZ2Ugd2l0aG91dCBub3RpY2UuIEhld2xldHQNClBhY2thcmQgRW50ZXJwcmlz
ZSBhbmQgdGhlIG5hbWVzIG9mIEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHByb2R1
Y3RzDQpyZWZlcmVuY2VkIGhlcmVpbiBhcmUgdHJhZGVtYXJrcyBvZiBIZXdsZXR0IFBh
Y2thcmQgRW50ZXJwcmlzZSBpbiB0aGUgVW5pdGVkDQpTdGF0ZXMgYW5kIG90aGVyIGNv
dW50cmllcy4gT3RoZXIgcHJvZHVjdCBhbmQgY29tcGFueSBuYW1lcyBtZW50aW9uZWQg
aGVyZWluDQptYXkgYmUgdHJhZGVtYXJrcyBvZiB0aGVpciByZXNwZWN0aXZlIG93bmVy
cy4NCi0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tClZlcnNpb246IEdudVBHIHYx
CgppUUVjQkFFQkNBQUdCUUpaSmYrcUFBb0pFTFhoQXh0N1NaYWkrSjRIL2pQb1VqbkIv
d0lVck5HRWNWU3NYSGVECnJuaWM5c3NJWHNWVDNtTzN1L2Q1YUtPeVVDY0JZN0dSeGJs
M1VNTGUrU09PQ0I1dW8yZ0F0Y2Rid09NTjNONk4KeEhjZzdNK0IzMEM5b1RHM2dGVHRI
T20zYlFtWVNmem42VXd5ZkxYenRQVWFJN1QwaXhaUk1hdEdWS2gxTjQ1RAp0NmtrbTBx
ZVBSdDlSWWp0eFpBbGJKSXpXOUdndExVZFlhSy9FWFpMc1pFWVRGVEdGOWlMQVIybUNL
aW9sUWR2CmpqVVc3ZXJabnphd0dhSUpYRVdNd2tkVXJJK3ZUcVZBbVF6a1hsYkh1TVRi
LzRtTEF2MEwrL244NklhREIyWWgKa2M1VUJ1VVFJWGZ2VnIxT2p1eno5WUF2Z1ZVb28y
OVNHOEZHRHA5QStMVklCQVp1MDZCa2FSMW9CTjl6cXJZPQo9WXovNgotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K