Vulnerability-Lookup

BDU:2025-04745

Vulnerability from fstec - Published: 02.08.2024

Title

Уязвимость интерфейса CLI микропрограммного обеспечения точек доступа HPE Aruba Networking Access Points, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость интерфейса CLI микропрограммного обеспечения точек доступа HPE Aruba Networking Access Points связана с непринятием мер по чистке данных на управляющем уровне. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путем отправки специально созданных пакетов на UDP-порт (8211) протокола PAPI

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Aruba Networks

Software Name

ArubaOS, InstantOS

Software Version

от 10.6.0.0 до 10.6.0.2 включительно (ArubaOS), 10.5.0.0 (ArubaOS), 10.3.0.0 (ArubaOS), от 10.4.0.0 до 10.4.1.3 включительно (ArubaOS), от 8.12.0.0 до 8.12.0.1 включительно (InstantOS), от 8.10.0.0 до 8.10.0.13 включительно (InstantOS), 8.11.0.0 (InstantOS), 8.9.0.0 (InstantOS), 8.8.0.0 (InstantOS), 8.7.0.0 (InstantOS), 8.6.0.0 (InstantOS), 8.5.0.0 (InstantOS), 8.4.0.0 (InstantOS), 6.5.0.0 (InstantOS), 6.4.0.0 (InstantOS)

Possible Mitigations

Использование рекомендаций производителя: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US

Reference

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US https://vuldb.com/?id.278408

CWE

CWE-77

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Aruba Networks",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 10.6.0.0 \u0434\u043e 10.6.0.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (ArubaOS), 10.5.0.0 (ArubaOS), 10.3.0.0 (ArubaOS), \u043e\u0442 10.4.0.0 \u0434\u043e 10.4.1.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (ArubaOS), \u043e\u0442 8.12.0.0 \u0434\u043e 8.12.0.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (InstantOS), \u043e\u0442 8.10.0.0 \u0434\u043e 8.10.0.13 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (InstantOS), 8.11.0.0 (InstantOS), 8.9.0.0 (InstantOS), 8.8.0.0 (InstantOS), 8.7.0.0 (InstantOS), 8.6.0.0 (InstantOS), 8.5.0.0 (InstantOS), 8.4.0.0 (InstantOS), 6.5.0.0 (InstantOS), 6.4.0.0 (InstantOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us\u0026docLocale=en_US",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.08.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.04.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.04.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-04745",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-42506",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ArubaOS, InstantOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Aruba Networks ArubaOS - Aruba 100 Series Access Points, Aruba Networks ArubaOS - Aruba 103 Series Access Points, Aruba Networks ArubaOS - Aruba 110 Series Access Points, Aruba Networks ArubaOS - Aruba 120 Series Access Points, Aruba Networks ArubaOS - Aruba 130 Series Access Points, Aruba Networks ArubaOS - Aruba 200 Series Access Points, Aruba Networks ArubaOS - Aruba 207 Series Access Points, Aruba Networks ArubaOS - Aruba 210 Series Access Points, Aruba Networks ArubaOS - Aruba 220 Series Access Points, Aruba Networks ArubaOS - Aruba 260 Series Access Points, Aruba Networks ArubaOS - Aruba 300 Series Access Points, Aruba Networks ArubaOS - Aruba 303 Series Access Points, Aruba Networks ArubaOS - Aruba 310 Series Access Points, Aruba Networks ArubaOS - Aruba 320 Series Access Points, Aruba Networks ArubaOS - Aruba 330 Series Access Points, Aruba Networks ArubaOS - Aruba 340 Series Access Points, Aruba Networks ArubaOS - Aruba 370 Series Access Points, Aruba Networks ArubaOS - Aruba 500 Series Access Points, Aruba Networks ArubaOS - Aruba 510 Series Access Points, Aruba Networks ArubaOS - Aruba 530 Series Access Points, Aruba Networks ArubaOS - Aruba 550 Series Access Points, Aruba Networks ArubaOS - Aruba 630 Series Access Points, Aruba Networks ArubaOS - Aruba 650 Series Access Points, Aruba Networks InstantOS - Aruba 100 Series Access Points, Aruba Networks InstantOS - Aruba 103 Series Access Points, Aruba Networks InstantOS - Aruba 110 Series Access Points, Aruba Networks InstantOS - Aruba 120 Series Access Points, Aruba Networks InstantOS - Aruba 130 Series Access Points, Aruba Networks InstantOS - Aruba 200 Series Access Points, Aruba Networks InstantOS - Aruba 207 Series Access Points, Aruba Networks InstantOS - Aruba 210 Series Access Points, Aruba Networks InstantOS - Aruba 220 Series Access Points, Aruba Networks InstantOS - Aruba 260 Series Access Points, Aruba Networks InstantOS - Aruba 300 Series Access Points, Aruba Networks InstantOS - Aruba 303 Series Access Points, Aruba Networks InstantOS - Aruba 310 Series Access Points, Aruba Networks InstantOS - Aruba 320 Series Access Points, Aruba Networks InstantOS - Aruba 330 Series Access Points, Aruba Networks InstantOS - Aruba 340 Series Access Points, Aruba Networks InstantOS - Aruba 370 Series Access Points, Aruba Networks InstantOS - Aruba 500 Series Access Points, Aruba Networks InstantOS - Aruba 510 Series Access Points, Aruba Networks InstantOS - Aruba 530 Series Access Points, Aruba Networks InstantOS - Aruba 550 Series Access Points, Aruba Networks InstantOS - Aruba 630 Series Access Points, Aruba Networks InstantOS - Aruba 650 Series Access Points",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 CLI \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u0447\u0435\u043a \u0434\u043e\u0441\u0442\u0443\u043f\u0430 HPE Aruba Networking Access Points, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0447\u0438\u0441\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u043c \u0443\u0440\u043e\u0432\u043d\u0435 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443) (CWE-77)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 CLI \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u0447\u0435\u043a \u0434\u043e\u0441\u0442\u0443\u043f\u0430 HPE Aruba Networking Access Points \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0447\u0438\u0441\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u043c \u0443\u0440\u043e\u0432\u043d\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043d\u0430 UDP-\u043f\u043e\u0440\u0442 (8211) \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 PAPI",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us\u0026docLocale=en_US\nhttps://vuldb.com/?id.278408",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-77",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CVE-2024-42506 (GCVE-0-2024-42506)

Vulnerability from cvelistv5 – Published: 2024-09-24 18:10 – Updated: 2024-09-26 03:55

Title

Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol

Summary

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

hpe

References

URL

Tags

https://support.hpe.com/hpesc/public/docDisplay?d…

Impacted products

	Vendor	Product	Version
	Hewlett Packard Enterprise (HPE)	Aruba OS	Affected: Version 10.5.0.0: 10.6.0.2 and below , ≤ <=10.6.0.2 (semver) Affected: Version 10.0.0.0: 10.4.1.13 and below , ≤ <=10.4.1.13 (semver) Affected: Version 6.4.0.0: 8.10.0.13 and below , ≤ <=8.10.0.13 (semver) Affected: Version 8.11.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1 (semver)

Credits

erikdejong

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "arubaos",
            "vendor": "arubanetworks",
            "versions": [
              {
                "lessThanOrEqual": "10.6.0.2",
                "status": "affected",
                "version": "10.5.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "10.4.1.13",
                "status": "affected",
                "version": "10.0.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.10.0.13",
                "status": "affected",
                "version": "6.4.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.12.0.1",
                "status": "affected",
                "version": "8.11.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42506",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T03:55:50.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Aruba OS",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "lessThanOrEqual": "\u003c=10.6.0.2",
              "status": "affected",
              "version": "Version 10.5.0.0: 10.6.0.2 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=10.4.1.13",
              "status": "affected",
              "version": "Version 10.0.0.0: 10.4.1.13 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=8.10.0.13",
              "status": "affected",
              "version": "Version 6.4.0.0: 8.10.0.13 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=8.12.0.1",
              "status": "affected",
              "version": "Version 8.11.0.0: 8.12.0.1 and below",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "erikdejong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCommand injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
            }
          ],
          "value": "Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-24T18:10:30.812Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us\u0026docLocale=en_US"
        }
      ],
      "source": {
        "advisory": "HPESBNW04712",
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2024-42506",
    "datePublished": "2024-09-24T18:10:30.812Z",
    "dateReserved": "2024-08-02T17:04:57.632Z",
    "dateUpdated": "2024-09-26T03:55:50.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2025-04745

CVE-2024-42506 (GCVE-0-2024-42506)

Tags

Sightings

Nomenclature