A high-severity vulnerability has been identified in the web-based management interface of HPE Aruba Networking Fabric Composer. This flaw allows an unauthenticated attacker with network access to the device to view sensitive system files, potentially exposing configuration details, credentials, or other critical information that could be used to facilitate further attacks on the network.

This vulnerability is a path traversal weakness within the web-based management interface of the affected products. An unauthenticated remote attacker can exploit this by sending a specially crafted HTTP request to the management interface. The request contains directory traversal sequences (e.g., ../) that cause the application to navigate outside of the intended web root directory, allowing the attacker to read arbitrary system files to which the web server process has access. Successful exploitation does not require any user interaction or prior authentication.

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could lead to a significant breach of confidentiality. An attacker could access sensitive configuration files, network topology information, service account credentials, or other private data stored on the device. This information could then be leveraged to plan and execute more sophisticated attacks, potentially leading to a full compromise of the network infrastructure, service disruption, and non-compliance with data protection regulations.

Immediate Action: Apply the security updates provided by HPE Aruba Networking immediately to all affected Fabric Composer instances. Before and after patching, review web server access logs for any unusual requests containing directory traversal patterns or attempts to access known system files to identify potential past or ongoing exploitation attempts.

Proactive Monitoring: Configure monitoring systems to alert on suspicious requests targeting the web management interface. Specifically, monitor for HTTP GET requests that include ../, %2e%2e/, or other path traversal encodings. Network traffic should be monitored for connections to the management interface from untrusted or unexpected IP ranges.

Compensating Controls: If patching is not immediately possible, implement strict network-level access controls. Use a firewall or Access Control Lists (ACLs) to restrict access to the web-based management interface to a dedicated and trusted administrative network or specific IP addresses. Consider deploying a Web Application Firewall (WAF) with rulesets designed to detect and block path traversal attacks as an additional layer of defense.

Public Exploit Available: false

Given the High severity (CVSS 7.5) and the lack of authentication required for exploitation, this vulnerability poses a significant risk to the organization. The primary recommendation is to apply the vendor-provided security updates to all affected systems on an emergency basis. If patching must be delayed, the compensating controls, especially restricting network access to the management interface, must be implemented immediately. Although this CVE is not currently on the CISA KEV list, its characteristics make it an attractive target for attackers, and organizations should treat its remediation as a top priority to prevent sensitive data exposure and potential network compromise.