
Security Alerts

Severity Level: Critical

Title: Multiple Vulnerabilities in HPE Aruba Networking Access Points

Summary:

1. Unauthenticated Command Injection in CLI Service (CVE-2024-42509)

• Severity: Critical

• CVSS v3.x Score: 9.8

• Description: This vulnerability allows unauthenticated remote attackers to execute arbitrary commands via the CLI service accessed through the PAPI protocol.

2. Unauthenticated Command Injection via PAPI Protocol (CVE-2024-47460)

• Severity: Critical

• CVSS v3.x Score: 9.0

• Description: Similar to CVE-2024-42509, this vulnerability enables unauthenticated command injection through the PAPI protocol.

3. Authenticated Remote Command Execution (CVE-2024-47461)

• Severity: High

• CVSS v3.x Score: 7.2

• Description: An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface.

4. Arbitrary File Creation Leading to RCE (CVE-2024-47462, CVE-2024-47463)

• Severity: High

• CVSS v3.x Score: 7.2

• Description: These vulnerabilities allow authenticated attackers to create arbitrary files, potentially leading to remote command execution.

5. Authenticated Path Traversal (CVE-2024-47464)

• Severity: Medium

• CVSS v3.x Score: 6.8

• Description: This vulnerability enables authenticated attackers to gain unauthorized access to files through path traversal.

Recommendations:

Apply the mitigation or workaround provided by HPE Aruba Networking.

 
