Search criteria
10 vulnerabilities found for HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 by Hewlett Packard Enterprise (HPE)
CVE-2024-42393 (GCVE-0-2024-42393)
Vulnerability from cvelistv5 – Published: 2024-08-06 18:58 – Updated: 2024-08-12 16:00
VLAI?
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:13:40.644282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T16:00:36.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:44:56.016Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42393",
"datePublished": "2024-08-06T18:58:52.509Z",
"dateReserved": "2024-07-31T20:37:28.337Z",
"dateUpdated": "2024-08-12T16:00:36.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42394 (GCVE-0-2024-42394)
Vulnerability from cvelistv5 – Published: 2024-08-06 18:57 – Updated: 2024-08-07 14:27
VLAI?
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:aruba_networking_instantos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_networking_instantos",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:hpe:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T13:58:43.755424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T14:27:21.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:43:44.092Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42394",
"datePublished": "2024-08-06T18:57:23.377Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-07T14:27:21.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42395 (GCVE-0-2024-42395)
Vulnerability from cvelistv5 – Published: 2024-08-06 18:56 – Updated: 2024-08-08 14:47
VLAI?
Summary
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:51:10.591351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:47:07.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:44.319Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42395",
"datePublished": "2024-08-06T18:56:05.348Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-08T14:47:07.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42396 (GCVE-0-2024-42396)
Vulnerability from cvelistv5 – Published: 2024-08-06 18:54 – Updated: 2025-03-25 16:46
VLAI?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:05:29.572011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:46:21.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:41:51.479Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42396",
"datePublished": "2024-08-06T18:54:42.859Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2025-03-25T16:46:21.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42397 (GCVE-0-2024-42397)
Vulnerability from cvelistv5 – Published: 2024-08-06 18:51 – Updated: 2025-03-19 16:03
VLAI?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Severity ?
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:22:06.175963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T16:03:44.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:40:20.342Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42397",
"datePublished": "2024-08-06T18:51:57.643Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2025-03-19T16:03:44.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42393 (GCVE-0-2024-42393)
Vulnerability from nvd – Published: 2024-08-06 18:58 – Updated: 2024-08-12 16:00
VLAI?
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:13:40.644282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T16:00:36.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:44:56.016Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42393",
"datePublished": "2024-08-06T18:58:52.509Z",
"dateReserved": "2024-07-31T20:37:28.337Z",
"dateUpdated": "2024-08-12T16:00:36.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42394 (GCVE-0-2024-42394)
Vulnerability from nvd – Published: 2024-08-06 18:57 – Updated: 2024-08-07 14:27
VLAI?
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:aruba_networking_instantos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_networking_instantos",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:hpe:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T13:58:43.755424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T14:27:21.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:43:44.092Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42394",
"datePublished": "2024-08-06T18:57:23.377Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-07T14:27:21.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42395 (GCVE-0-2024-42395)
Vulnerability from nvd – Published: 2024-08-06 18:56 – Updated: 2024-08-08 14:47
VLAI?
Summary
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Severity ?
9.8 (Critical)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:51:10.591351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:47:07.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:44.319Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42395",
"datePublished": "2024-08-06T18:56:05.348Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-08T14:47:07.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42396 (GCVE-0-2024-42396)
Vulnerability from nvd – Published: 2024-08-06 18:54 – Updated: 2025-03-25 16:46
VLAI?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:05:29.572011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:46:21.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:41:51.479Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42396",
"datePublished": "2024-08-06T18:54:42.859Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2025-03-25T16:46:21.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42397 (GCVE-0-2024-42397)
Vulnerability from nvd – Published: 2024-08-06 18:51 – Updated: 2025-03-19 16:03
VLAI?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
Severity ?
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Affected:
Version 8.12.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1
(semver)
Affected: Version 8.10.0.0: 8.10.0.12 and below , ≤ <=8.10.0.12 (semver) |
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:22:06.175963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T16:03:44.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:40:20.342Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42397",
"datePublished": "2024-08-06T18:51:57.643Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2025-03-19T16:03:44.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}