All the vulnerabilites related to hp - instantos
cve-2023-45621
Vulnerability from cvelistv5
Published
2023-11-14 22:54
Modified
2024-08-14 18:46
Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.4.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instantos",
"vendor": "hp",
"versions": [
{
"lessThanOrEqual": "8.11.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.10.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.6.0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:24:06.720970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:46:12.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:54:17.436Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45621",
"datePublished": "2023-11-14T22:54:17.436Z",
"dateReserved": "2023-10-09T16:22:24.803Z",
"dateUpdated": "2024-08-14T18:46:12.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22785
Vulnerability from cvelistv5
Published
2023-05-08 14:03
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: InstantOS 8.10.x.x: 8.10.0.2 and below Version: ArubaOS 10.3.x.x: 10.3.1.4 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.2 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.4 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:03:55.974Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22785",
"datePublished": "2023-05-08T14:03:55.974Z",
"dateReserved": "2023-01-06T15:24:20.510Z",
"dateUpdated": "2024-08-02T10:20:30.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45615
Vulnerability from cvelistv5
Published
2023-11-14 22:44
Modified
2024-08-30 17:23
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:23:35.521141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:23:46.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:44:59.789Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45615",
"datePublished": "2023-11-14T22:44:59.789Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:23:46.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42399
Vulnerability from cvelistv5
Published
2024-08-06 19:48
Modified
2024-08-06 20:27
Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 Version: Version 10.6.0.0: 10.6.0.0 and below ≤ <=10.6.0.0 Version: Version 10.4.0.0: 10.4.1.3 and below ≤ <=10.4.1.3 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.1",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:27:21.784664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T20:27:55.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.6.0.0",
"status": "affected",
"version": "Version 10.6.0.0: 10.6.0.0 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.4.1.3",
"status": "affected",
"version": "Version 10.4.0.0: 10.4.1.3 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:48:07.255Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42399",
"datePublished": "2024-08-06T19:48:07.255Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-06T20:27:55.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42396
Vulnerability from cvelistv5
Published
2024-08-06 18:54
Modified
2024-08-12 16:02
Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:05:29.572011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T16:02:07.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:41:51.479Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42396",
"datePublished": "2024-08-06T18:54:42.859Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-12T16:02:07.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45619
Vulnerability from cvelistv5
Published
2023-11-14 22:52
Modified
2024-08-30 17:20
Severity ?
EPSS score ?
Summary
There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:20:36.623786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:20:52.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\u003c/p\u003e"
}
],
"value": "There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:52:19.138Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45619",
"datePublished": "2023-11-14T22:52:19.138Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:20:52.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22786
Vulnerability from cvelistv5
Published
2023-05-08 14:03
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: InstantOS 8.10.x.x: 8.10.0.2 and below Version: ArubaOS 10.3.x.x: 10.3.1.4 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.2 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.4 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:03:58.355Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22786",
"datePublished": "2023-05-08T14:03:58.355Z",
"dateReserved": "2023-01-06T15:24:20.510Z",
"dateUpdated": "2024-08-02T10:20:30.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45627
Vulnerability from cvelistv5
Published
2023-11-14 22:59
Modified
2024-08-29 18:10
Severity ?
EPSS score ?
Summary
An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal
operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T18:10:06.630552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:10:36.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal\u003c/p\u003e\u003cp\u003eoperation of the affected access point.\u003c/p\u003e"
}
],
"value": "An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal\n\noperation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:59:36.788Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45627",
"datePublished": "2023-11-14T22:59:36.788Z",
"dateReserved": "2023-10-09T16:22:24.804Z",
"dateUpdated": "2024-08-29T18:10:36.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35981
Vulnerability from cvelistv5
Published
2023-07-25 18:28
Modified
2024-11-07 18:51
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: ArubaOS 10.4.x.x: 10.4.0.1 and below Version: InstantOS 8.11.x.x: 8.11.1.0 and below Version: InstantOS 8.10.x.x: 8.10.0.6 and below Version: InstantOS 8.6.x.x: 8.6.0.20 and below Version: InstantOS 6.5.x.x: 6.5.4.24 and below Version: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arba_access_points_running_instantos_and_arubaos_10",
"vendor": "hpe",
"versions": [
{
"lessThan": "4.2.4.21",
"status": "affected",
"version": "6.4.4.8",
"versionType": "custom"
},
{
"lessThan": "6.5.4.24",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.6.0.20",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.10.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.11.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T18:38:50.384815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T18:51:06.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.20 and below"
},
{
"status": "affected",
"version": "InstantOS 6.5.x.x: 6.5.4.24 and below"
},
{
"status": "affected",
"version": "InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T18:28:14.271Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35981",
"datePublished": "2023-07-25T18:28:14.271Z",
"dateReserved": "2023-06-20T18:43:02.967Z",
"dateUpdated": "2024-11-07T18:51:06.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35982
Vulnerability from cvelistv5
Published
2023-07-25 18:28
Modified
2024-11-07 18:11
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: ArubaOS 10.4.x.x: 10.4.0.1 and below Version: InstantOS 8.11.x.x: 8.11.1.0 and below Version: InstantOS 8.10.x.x: 8.10.0.6 and below Version: InstantOS 8.6.x.x: 8.6.0.20 and below Version: InstantOS 6.5.x.x: 6.5.4.24 and below Version: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arba_access_points_running_instantos_and_arubaos_10",
"vendor": "hpe",
"versions": [
{
"lessThan": "10.4.0.1",
"status": "affected",
"version": "arubaos_10.4.x.x",
"versionType": "custom"
},
{
"lessThan": "8.11.1.0",
"status": "affected",
"version": "instantos_8.11.x.x",
"versionType": "custom"
},
{
"lessThan": "8.10.0.6",
"status": "affected",
"version": "instantos_8.10xx",
"versionType": "custom"
},
{
"lessThan": "8.6.0.20",
"status": "affected",
"version": "instantos_8.6.x.x",
"versionType": "custom"
},
{
"lessThan": "6.5.4.24",
"status": "affected",
"version": "instantos_6.5.x.x",
"versionType": "custom"
},
{
"lessThan": "6.4.4.8",
"status": "affected",
"version": "instantos_6.4.x.x",
"versionType": "custom"
},
{
"lessThan": "4.2.4.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:54:23.089613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T18:11:05.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.20 and below"
},
{
"status": "affected",
"version": "InstantOS 6.5.x.x: 6.5.4.24 and below"
},
{
"status": "affected",
"version": "InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T18:28:20.312Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35982",
"datePublished": "2023-07-25T18:28:20.312Z",
"dateReserved": "2023-06-20T18:43:02.967Z",
"dateUpdated": "2024-11-07T18:11:05.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22780
Vulnerability from cvelistv5
Published
2023-05-08 14:03
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: InstantOS 8.10.x.x: 8.10.0.2 and below Version: ArubaOS 10.3.x.x: 10.3.1.4 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.2 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.4 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:03:38.356Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22780",
"datePublished": "2023-05-08T14:03:38.356Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2024-08-02T10:20:31.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42393
Vulnerability from cvelistv5
Published
2024-08-06 18:58
Modified
2024-08-12 16:00
Severity ?
EPSS score ?
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:13:40.644282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T16:00:36.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:44:56.016Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42393",
"datePublished": "2024-08-06T18:58:52.509Z",
"dateReserved": "2024-07-31T20:37:28.337Z",
"dateUpdated": "2024-08-12T16:00:36.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22788
Vulnerability from cvelistv5
Published
2023-05-08 14:08
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
}
],
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:08:35.055Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22788",
"datePublished": "2023-05-08T14:08:35.055Z",
"dateReserved": "2023-01-06T15:24:20.510Z",
"dateUpdated": "2024-08-02T10:20:30.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22787
Vulnerability from cvelistv5
Published
2023-05-08 14:07
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u0026nbsp;by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u0026nbsp;this vulnerability results in the ability to interrupt the\u0026nbsp;normal operation of the affected access point."
}
],
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u00a0by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u00a0this vulnerability results in the ability to interrupt the\u00a0normal operation of the affected access point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:07:18.315Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22787",
"datePublished": "2023-05-08T14:07:00.289Z",
"dateReserved": "2023-01-06T15:24:20.510Z",
"dateUpdated": "2024-08-02T10:20:30.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45625
Vulnerability from cvelistv5
Published
2023-11-14 22:57
Modified
2024-08-02 20:21
Severity ?
EPSS score ?
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:57:42.530Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45625",
"datePublished": "2023-11-14T22:57:42.530Z",
"dateReserved": "2023-10-09T16:22:24.804Z",
"dateUpdated": "2024-08-02T20:21:16.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45620
Vulnerability from cvelistv5
Published
2023-11-14 22:53
Modified
2024-08-30 17:11
Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:10:44.379696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:11:11.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:53:07.384Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45620",
"datePublished": "2023-11-14T22:53:07.384Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:11:11.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45626
Vulnerability from cvelistv5
Published
2023-11-14 22:58
Modified
2024-10-29 18:20
Severity ?
EPSS score ?
Summary
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:18:28.332522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T18:20:29.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nicholas Starke of Aruba Threat Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.\u003c/p\u003e"
}
],
"value": "An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:58:35.705Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45626",
"datePublished": "2023-11-14T22:58:35.705Z",
"dateReserved": "2023-10-09T16:22:24.804Z",
"dateUpdated": "2024-10-29T18:20:29.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22789
Vulnerability from cvelistv5
Published
2023-05-08 14:08
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
}
],
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:08:39.438Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22789",
"datePublished": "2023-05-08T14:08:39.438Z",
"dateReserved": "2023-01-06T15:24:20.511Z",
"dateUpdated": "2024-08-02T10:20:30.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45616
Vulnerability from cvelistv5
Published
2023-11-14 22:48
Modified
2024-08-30 17:23
Severity ?
EPSS score ?
Summary
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:23:06.350955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:23:15.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:48:47.301Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45616",
"datePublished": "2023-11-14T22:48:47.301Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:23:15.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45614
Vulnerability from cvelistv5
Published
2023-11-14 22:43
Modified
2024-08-14 19:16
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.4.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instantos",
"vendor": "hp",
"versions": [
{
"lessThanOrEqual": "8.11.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.10.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.6.0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:52:03.555183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:16:49.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:43:30.222Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45614",
"datePublished": "2023-11-14T22:43:30.222Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-14T19:16:49.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45622
Vulnerability from cvelistv5
Published
2023-11-14 22:55
Modified
2024-08-12 14:39
Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T14:37:37.416117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T14:39:21.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:55:20.319Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45622",
"datePublished": "2023-11-14T22:55:20.319Z",
"dateReserved": "2023-10-09T16:22:24.803Z",
"dateUpdated": "2024-08-12T14:39:21.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42395
Vulnerability from cvelistv5
Published
2024-08-06 18:56
Modified
2024-08-08 14:47
Severity ?
EPSS score ?
Summary
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:51:10.591351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:47:07.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:44.319Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42395",
"datePublished": "2024-08-06T18:56:05.348Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-08T14:47:07.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42397
Vulnerability from cvelistv5
Published
2024-08-06 18:51
Modified
2024-08-06 19:40
Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:22:06.175963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:22:30.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:40:20.342Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42397",
"datePublished": "2024-08-06T18:51:57.643Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-06T19:40:20.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22782
Vulnerability from cvelistv5
Published
2023-05-08 14:03
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: InstantOS 8.10.x.x: 8.10.0.2 and below Version: ArubaOS 10.3.x.x: 10.3.1.4 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.2 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.4 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:03:45.533Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22782",
"datePublished": "2023-05-08T14:03:45.533Z",
"dateReserved": "2023-01-06T15:24:20.510Z",
"dateUpdated": "2024-08-02T10:20:31.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45623
Vulnerability from cvelistv5
Published
2023-11-14 22:56
Modified
2024-08-30 17:07
Severity ?
EPSS score ?
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:07:25.556573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:07:44.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:56:19.989Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45623",
"datePublished": "2023-11-14T22:56:19.989Z",
"dateReserved": "2023-10-09T16:22:24.803Z",
"dateUpdated": "2024-08-30T17:07:44.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42398
Vulnerability from cvelistv5
Published
2024-08-06 19:37
Modified
2024-08-06 20:12
Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 Version: Version 10.6.0.0: 10.6.0.0 and below ≤ <=10.6.0.0 Version: Version 10.4.0.0: 10.4.1.3 and below ≤ <=10.4.1.3 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.1",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:49:16.243921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T20:12:26.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.6.0.0",
"status": "affected",
"version": "Version 10.6.0.0: 10.6.0.0 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.4.1.3",
"status": "affected",
"version": "Version 10.4.0.0: 10.4.1.3 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:38:53.191Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42398",
"datePublished": "2024-08-06T19:37:12.816Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-06T20:12:26.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22779
Vulnerability from cvelistv5
Published
2023-05-08 14:02
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: InstantOS 8.10.x.x: 8.10.0.2 and below Version: ArubaOS 10.3.x.x: 10.3.1.4 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.2 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.4 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:02:48.736Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22779",
"datePublished": "2023-05-08T14:02:48.736Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2024-08-02T10:20:31.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22784
Vulnerability from cvelistv5
Published
2023-05-08 14:03
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: InstantOS 8.10.x.x: 8.10.0.2 and below Version: ArubaOS 10.3.x.x: 10.3.1.4 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.2 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.4 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:03:51.253Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22784",
"datePublished": "2023-05-08T14:03:51.253Z",
"dateReserved": "2023-01-06T15:24:20.510Z",
"dateUpdated": "2024-08-02T10:20:30.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45617
Vulnerability from cvelistv5
Published
2023-11-14 22:49
Modified
2024-08-30 17:22
Severity ?
EPSS score ?
Summary
There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:22:31.261592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:22:41.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\u003c/p\u003e"
}
],
"value": "There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:49:52.560Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45617",
"datePublished": "2023-11-14T22:49:52.560Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:22:41.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35980
Vulnerability from cvelistv5
Published
2023-07-25 18:28
Modified
2024-11-07 18:56
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: ArubaOS 10.4.x.x: 10.4.0.1 and below Version: InstantOS 8.11.x.x: 8.11.1.0 and below Version: InstantOS 8.10.x.x: 8.10.0.6 and below Version: InstantOS 8.6.x.x: 8.6.0.20 and below Version: InstantOS 6.5.x.x: 6.5.4.24 and below Version: InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:arba_access_points_running_instantos_and_arubaos_10:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arba_access_points_running_instantos_and_arubaos_10",
"vendor": "hpe",
"versions": [
{
"lessThan": "4.2.4.21",
"status": "affected",
"version": "6.4.4.8",
"versionType": "custom"
},
{
"lessThan": "6.5.4.24",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.6.0.20",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.10.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.11.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T18:52:12.730779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T18:56:09.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.1 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.0 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.6 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.20 and below"
},
{
"status": "affected",
"version": "InstantOS 6.5.x.x: 6.5.4.24 and below"
},
{
"status": "affected",
"version": "InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary\u0026nbsp;code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T18:28:10.354Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-35980",
"datePublished": "2023-07-25T18:28:10.354Z",
"dateReserved": "2023-06-20T18:43:02.966Z",
"dateUpdated": "2024-11-07T18:56:09.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22790
Vulnerability from cvelistv5
Published
2023-05-08 14:08
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple authenticated command injection vulnerabilities\u0026nbsp;exist in the Aruba InstantOS and ArubaOS 10 command line\u0026nbsp;interface. Successful exploitation of these vulnerabilities\u0026nbsp;result in the ability to execute arbitrary commands as a\u0026nbsp;privileged user on the underlying operating system."
}
],
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:08:43.190Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22790",
"datePublished": "2023-05-08T14:08:43.190Z",
"dateReserved": "2023-01-06T15:24:20.511Z",
"dateUpdated": "2024-08-02T10:20:30.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22783
Vulnerability from cvelistv5
Published
2023-05-08 14:03
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: InstantOS 8.10.x.x: 8.10.0.2 and below Version: ArubaOS 10.3.x.x: 10.3.1.4 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.2 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.4 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:03:47.963Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22783",
"datePublished": "2023-05-08T14:03:47.963Z",
"dateReserved": "2023-01-06T15:24:20.510Z",
"dateUpdated": "2024-08-02T10:20:31.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45624
Vulnerability from cvelistv5
Published
2023-11-14 22:57
Modified
2024-08-02 20:21
Severity ?
EPSS score ?
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.\u003c/p\u003e"
}
],
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:57:05.727Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45624",
"datePublished": "2023-11-14T22:57:05.727Z",
"dateReserved": "2023-10-09T16:22:24.804Z",
"dateUpdated": "2024-08-02T20:21:16.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42394
Vulnerability from cvelistv5
Published
2024-08-06 18:57
Modified
2024-08-07 14:27
Severity ?
EPSS score ?
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hpe:aruba_networking_instantos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_networking_instantos",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:hpe:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "8.12.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T13:58:43.755424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T14:27:21.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.\u003c/p\u003e"
}
],
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:43:44.092Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42394",
"datePublished": "2024-08-06T18:57:23.377Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-07T14:27:21.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22781
Vulnerability from cvelistv5
Published
2023-05-08 14:03
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: InstantOS 8.10.x.x: 8.10.0.2 and below Version: ArubaOS 10.3.x.x: 10.3.1.4 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.2 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x.x: 10.3.1.4 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik de Jong (bugcrowd.com/erikdejong)"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u0026nbsp;remote code execution by sending specially crafted packets\u0026nbsp;destined to the PAPI (Aruba\u0027s access point management\u0026nbsp;protocol) UDP port (8211). Successful exploitation of these\u0026nbsp;vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:03:42.187Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22781",
"datePublished": "2023-05-08T14:03:42.187Z",
"dateReserved": "2023-01-06T15:24:20.509Z",
"dateUpdated": "2024-08-02T10:20:30.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22791
Vulnerability from cvelistv5
Published
2023-05-08 14:10
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points running InstantOS and ArubaOS 10 |
Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.19 and below Version: Aruba InstantOS 8.10.x: 8.10.0.4 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below Version: See reference document for further details |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points running InstantOS and ArubaOS 10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.6.x: 8.6.0.19 and below"
},
{
"status": "affected",
"version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.3.x: 10.3.1.0 and below"
},
{
"status": "affected",
"version": "See reference document for further details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Zack Colgan of ClearBearing"
}
],
"datePublic": "2023-05-09T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u0026nbsp;where an edge-case combination of network configuration, a\u0026nbsp;specific WLAN environment and an attacker already possessing\u0026nbsp;valid user credentials on that WLAN can lead to sensitive\u0026nbsp;information being disclosed via the WLAN. The scenarios in\u0026nbsp;which this disclosure of potentially sensitive information\u0026nbsp;can occur are complex and depend on factors that are beyond\u0026nbsp;the control of the attacker."
}
],
"value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u00a0where an edge-case combination of network configuration, a\u00a0specific WLAN environment and an attacker already possessing\u00a0valid user credentials on that WLAN can lead to sensitive\u00a0information being disclosed via the WLAN. The scenarios in\u00a0which this disclosure of potentially sensitive information\u00a0can occur are complex and depend on factors that are beyond\u00a0the control of the attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T14:10:03.684Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Aruba InstantOS and ArubaOS 10 Sensitive Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-22791",
"datePublished": "2023-05-08T14:10:03.684Z",
"dateReserved": "2023-01-06T15:24:20.511Z",
"dateUpdated": "2024-08-02T10:20:30.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45618
Vulnerability from cvelistv5
Published
2023-11-14 22:51
Modified
2024-08-30 17:22
Severity ?
EPSS score ?
Summary
There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; |
Version: ArubaOS 10.5.x.x: 10.5.0.0 and below Version: ArubaOS 10.4.x.x: 10.4.0.2 and below Version: InstantOS 8.11.x.x: 8.11.1.2 and below Version: InstantOS 8.10.x.x: 8.10.0.8 and below Version: InstantOS 8.6.x.x: 8.6.0.22 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:21:51.728265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:22:01.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.11.x.x: 8.11.1.2 and below"
},
{
"status": "affected",
"version": "InstantOS 8.10.x.x: 8.10.0.8 and below"
},
{
"status": "affected",
"version": "InstantOS 8.6.x.x: 8.6.0.22 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "XiaoC from Moonlight Bug Hunter"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\u003c/p\u003e"
}
],
"value": "There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:51:37.343Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-45618",
"datePublished": "2023-11-14T22:51:37.343Z",
"dateReserved": "2023-10-09T16:22:24.802Z",
"dateUpdated": "2024-08-30T17:22:01.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42400
Vulnerability from cvelistv5
Published
2024-08-06 19:51
Modified
2024-08-06 20:27
Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 Version: Version 10.6.0.0: 10.6.0.0 and below ≤ <=10.6.0.0 Version: Version 10.4.0.0: 10.4.1.3 and below ≤ <=10.4.1.3 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.1",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:27:16.617985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T20:27:49.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.6.0.0",
"status": "affected",
"version": "Version 10.6.0.0: 10.6.0.0 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.4.1.3",
"status": "affected",
"version": "Version 10.4.0.0: 10.4.1.3 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:51:17.264Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42400",
"datePublished": "2024-08-06T19:51:17.264Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-06T20:27:49.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de eliminaci\u00f3n de archivos arbitrarios en CLI Service al que accede PAPI (el protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda llevar a la capacidad de interrumpir el funcionamiento normal y afectar la integridad del punto de acceso."
}
],
"id": "CVE-2023-45617",
"lastModified": "2024-11-21T08:27:04.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.827",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 20:15
Modified
2024-08-23 15:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.6.0.0 | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB98F67-A6E1-43B3-BB2E-3700523FAC75",
"versionEndExcluding": "10.4.1.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11DB90E9-0029-4B54-91AA-8C4D7347F423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B0E06-2E55-4AE2-A4F4-91433F58DD24",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el daemon Soft AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-42399",
"lastModified": "2024-08-23T15:06:13.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T20:15:40.717",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22783",
"lastModified": "2024-11-21T07:45:25.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.100",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento del b\u00fafer en CLI Service subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2023-45614",
"lastModified": "2024-11-21T08:27:04.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.313",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22779",
"lastModified": "2024-11-21T07:45:24.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:09.817",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de eliminaci\u00f3n arbitraria de archivos en AirWave Client Service al que accede PAPI (el protocolo de gesti\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda llevar a la capacidad de interrumpir el funcionamiento normal y afectar la integridad del punto de acceso."
}
],
"id": "CVE-2023-45618",
"lastModified": "2024-11-21T08:27:04.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.997",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba\u0027s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en RSSI Service al que accede PAPI (el protocolo de gesti\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda llevar a la capacidad de interrumpir el funcionamiento normal y afectar la integridad del punto de acceso."
}
],
"id": "CVE-2023-45619",
"lastModified": "2024-11-21T08:27:04.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.167",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E576744-779A-4260-A652-DDDC13253852",
"versionEndExcluding": "6.4.4.8-4.2.4.22",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37FB799D-F5E8-43A1-AF0A-37EF2C96EE4C",
"versionEndExcluding": "6.5.4.25",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72B488-0300-4E55-9E51-2A654B5FACE4",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA44337-4B77-4117-ADA1-8C3172A0BBED",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD7FEF-A76F-47B3-93D0-97FE246F4AF9",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-35981",
"lastModified": "2024-11-21T08:09:06.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T19:15:11.410",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en CLI Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45620",
"lastModified": "2024-11-21T08:27:04.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.333",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal
operation of the affected access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal\n\noperation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) autenticada en CLI Service. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45627",
"lastModified": "2024-11-21T08:27:05.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:11.573",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en CLI Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45621",
"lastModified": "2024-11-21T08:27:04.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.497",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided\u00a0by Aruba InstantOS and ArubaOS 10. Successful exploitation of\u00a0this vulnerability results in the ability to interrupt the\u00a0normal operation of the affected access point."
}
],
"id": "CVE-2023-22787",
"lastModified": "2024-11-21T07:45:25.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.367",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22782",
"lastModified": "2024-11-21T07:45:25.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.010",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-12 18:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "342197F7-9F17-4EED-9EEF-A5B1BB688234",
"versionEndExcluding": "10.4.1.4",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A600ADA-377E-400A-A409-C1D4CEE86286",
"versionEndExcluding": "10.6.0.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "661E77B0-1019-42EE-9DEE-9120E1E6CA81",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en AP Certificate Management Service que podr\u00eda permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda comprometer completamente el sistema."
}
],
"id": "CVE-2024-42395",
"lastModified": "2024-08-12T18:23:57.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T19:15:57.017",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-12 18:22
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "342197F7-9F17-4EED-9EEF-A5B1BB688234",
"versionEndExcluding": "10.4.1.4",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A600ADA-377E-400A-A409-C1D4CEE86286",
"versionEndExcluding": "10.6.0.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "661E77B0-1019-42EE-9DEE-9120E1E6CA81",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
},
{
"lang": "es",
"value": "Existen vulnerabilidades en el Soft AP Daemon Service que podr\u00edan permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda comprometer completamente el sistema."
}
],
"id": "CVE-2024-42393",
"lastModified": "2024-08-12T18:22:45.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T19:15:56.640",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
5.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u00a0where an edge-case combination of network configuration, a\u00a0specific WLAN environment and an attacker already possessing\u00a0valid user credentials on that WLAN can lead to sensitive\u00a0information being disclosed via the WLAN. The scenarios in\u00a0which this disclosure of potentially sensitive information\u00a0can occur are complex and depend on factors that are beyond\u00a0the control of the attacker."
}
],
"id": "CVE-2023-22791",
"lastModified": "2024-11-21T07:45:26.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.647",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22786",
"lastModified": "2024-11-21T07:45:25.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.303",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22780",
"lastModified": "2024-11-21T07:45:24.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:09.880",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22788",
"lastModified": "2024-11-21T07:45:25.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.440",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento del b\u00fafer en CLI Service subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2023-45615",
"lastModified": "2024-11-21T08:27:04.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.487",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2023-45625",
"lastModified": "2024-11-21T08:27:05.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:11.243",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22789",
"lastModified": "2024-11-21T07:45:25.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.503",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-12 18:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "342197F7-9F17-4EED-9EEF-A5B1BB688234",
"versionEndExcluding": "10.4.1.4",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A600ADA-377E-400A-A409-C1D4CEE86286",
"versionEndExcluding": "10.6.0.1",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "661E77B0-1019-42EE-9DEE-9120E1E6CA81",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."
},
{
"lang": "es",
"value": "Existen vulnerabilidades en el Soft AP Daemon Service que podr\u00edan permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda comprometer completamente el sistema."
}
],
"id": "CVE-2024-42394",
"lastModified": "2024-08-12T18:23:19.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T19:15:56.830",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated command injection vulnerabilities\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00a0interface. Successful exploitation of these vulnerabilities\u00a0result in the ability to execute arbitrary commands as a\u00a0privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22790",
"lastModified": "2024-11-21T07:45:25.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.573",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22785",
"lastModified": "2024-11-21T07:45:25.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.233",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E576744-779A-4260-A652-DDDC13253852",
"versionEndExcluding": "6.4.4.8-4.2.4.22",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37FB799D-F5E8-43A1-AF0A-37EF2C96EE4C",
"versionEndExcluding": "6.5.4.25",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72B488-0300-4E55-9E51-2A654B5FACE4",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA44337-4B77-4117-ADA1-8C3172A0BBED",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD7FEF-A76F-47B3-93D0-97FE246F4AF9",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-35980",
"lastModified": "2024-11-21T08:09:06.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T19:15:11.327",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 20:15
Modified
2024-08-23 15:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.6.0.0 | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB98F67-A6E1-43B3-BB2E-3700523FAC75",
"versionEndExcluding": "10.4.1.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11DB90E9-0029-4B54-91AA-8C4D7347F423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B0E06-2E55-4AE2-A4F4-91433F58DD24",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el daemon Soft AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-42398",
"lastModified": "2024-08-23T15:06:25.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T20:15:40.480",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 20:15
Modified
2024-08-23 15:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.6.0.0 | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB98F67-A6E1-43B3-BB2E-3700523FAC75",
"versionEndExcluding": "10.4.1.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11DB90E9-0029-4B54-91AA-8C4D7347F423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B0E06-2E55-4AE2-A4F4-91433F58DD24",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el daemon Soft AP al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-42400",
"lastModified": "2024-08-23T15:06:00.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T20:15:40.943",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en AirWave Client Service subyacente que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente."
}
],
"id": "CVE-2023-45616",
"lastModified": "2024-11-21T08:27:04.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.663",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22784",
"lastModified": "2024-11-21T07:45:25.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:10.167",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-08 15:15
Modified
2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4069A9-344F-400B-8C26-8A3EB24C211B",
"versionEndIncluding": "10.3.1.0",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626",
"versionEndIncluding": "6.4.4.8-4.2.4.20",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50",
"versionEndIncluding": "6.5.4.23",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503",
"versionEndExcluding": "8.6.0.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF",
"versionEndIncluding": "8.6.0.19",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9",
"versionEndIncluding": "8.9.0.0",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B",
"versionEndIncluding": "8.10.0.4",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated\u00a0remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-22781",
"lastModified": "2024-11-21T07:45:24.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-08T15:15:09.943",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-23 15:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B0E06-2E55-4AE2-A4F4-91433F58DD24",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el daemon de AP Certificate Management al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-42397",
"lastModified": "2024-08-23T15:06:46.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T19:15:57.373",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en Wi-Fi Uplink Service al que se accede a trav\u00e9s a trav\u00e9s protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45623",
"lastModified": "2024-11-21T08:27:05.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.883",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) no autenticada en Soft Ap Daemon al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45624",
"lastModified": "2024-11-21T08:27:05.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:11.077",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n"
},
{
"lang": "es",
"value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en BLE Daemon Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2023-45622",
"lastModified": "2024-11-21T08:27:05.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:10.660",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-06 19:15
Modified
2024-08-23 15:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15B0E06-2E55-4AE2-A4F4-91433F58DD24",
"versionEndExcluding": "8.10.0.13",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59",
"versionEndExcluding": "8.12.0.2",
"versionStartIncluding": "8.12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio (DoS) no autenticadas en el daemon de AP Certificate Management al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado."
}
],
"id": "CVE-2024-42396",
"lastModified": "2024-08-23T15:07:02.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T19:15:57.200",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC",
"versionEndExcluding": "10.4.0.2",
"versionStartIncluding": "10.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E576744-779A-4260-A652-DDDC13253852",
"versionEndExcluding": "6.4.4.8-4.2.4.22",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37FB799D-F5E8-43A1-AF0A-37EF2C96EE4C",
"versionEndExcluding": "6.5.4.25",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72B488-0300-4E55-9E51-2A654B5FACE4",
"versionEndExcluding": "8.6.0.21",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA44337-4B77-4117-ADA1-8C3172A0BBED",
"versionEndExcluding": "8.10.0.7",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD7FEF-A76F-47B3-93D0-97FE246F4AF9",
"versionEndExcluding": "8.11.1.1",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets\u00a0destined to the PAPI (Aruba\u0027s access point management\u00a0protocol) UDP port (8211). Successful exploitation of these\u00a0vulnerabilities result in the ability to execute arbitrary\u00a0code as a privileged user on the underlying operating system."
}
],
"id": "CVE-2023-35982",
"lastModified": "2024-11-21T08:09:06.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T19:15:11.480",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:27
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arubanetworks | arubaos | * | |
| arubanetworks | arubaos | 10.5.0.0 | |
| hp | instantos | * | |
| hp | instantos | * | |
| hp | instantos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF",
"versionEndExcluding": "10.4.0.3",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D",
"versionEndExcluding": "8.6.0.23",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F",
"versionEndExcluding": "8.10.0.9",
"versionStartIncluding": "8.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543",
"versionEndExcluding": "8.11.2.0",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.\n\n"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad autenticada que permite a un atacante establecer de manera efectiva la ejecuci\u00f3n de c\u00f3digo arbitrario persistente y altamente privilegiado a lo largo de los ciclos de arranque."
}
],
"id": "CVE-2023-45626",
"lastModified": "2024-11-21T08:27:05.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:11.410",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}