Severity Level: Critical
Title:
Multiple Vulnerabilities in HPE Aruba Networking Access Points
Summary:
1. Unauthenticated Command Injection in CLI Service (CVE-2024-42509)
• Severity: Critical
• CVSS v3.x Score: 9.8
• Description: This vulnerability allows unauthenticated remote attackers to execute
arbitrary commands via the CLI service accessed through the PAPI protocol.
2. Unauthenticated Command Injection via PAPI Protocol (CVE-2024-47460)
• Severity: Critical
• CVSS v3.x Score: 9.0
• Description: Similar to CVE-2024-42509, this vulnerability enables unauthenticated
command injection through the PAPI protocol.
3. Authenticated Remote Command Execution (CVE-2024-47461)
• Severity: High
• CVSS v3.x Score: 7.2
• Description: An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface.
4. Arbitrary File Creation Leading to RCE (CVE-2024-47462, CVE-2024-47463)
• Severity: High
• CVSS v3.x Score: 7.2
• Description: These vulnerabilities allow authenticated attackers to create arbitrary files,
potentially leading to remote command execution.
5. Authenticated Path Traversal (CVE-2024-47464)
• Severity: Medium
• CVSS v3.x Score: 6.8
• Description: This vulnerability enables authenticated attackers to gain unauthorized
access to files through path traversal.
Recommendations:
Apply the mitigation or workaround provided by HPE Aruba Networking.