certfr_avis - certfr-2024-avi-0808

CERTFR-2024-AVI-0808

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les versions 10.5.x d'AOS et 8.11.x d'Instant AOS sont également vulnérables mais ne bénéficieront pas de correctifs de sécurité.

Impacted products

Vendor	Product	Description
HPE Aruba Networking	AOS	Aruba OS versions 10.6.x antérieures à 10.6.0.3
HPE Aruba Networking	AOS	Aruba OS versions antérieures à 10.4.1.4
HPE Aruba Networking	Instant AOS	Aruba InstantOS versions 8.12.x antérieures à 8.12.0.2
HPE Aruba Networking	Instant AOS	Aruba InstantOS versions antérieures à 8.10.0.14

References

Title

Publication Time

Tags

Bulletin de sécurité HPE Aruba Networking HPESBNW04712

2024-09-24

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Aruba OS versions 10.6.x ant\u00e9rieures \u00e0 10.6.0.3",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Aruba OS versions ant\u00e9rieures \u00e0 10.4.1.4",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Aruba InstantOS versions 8.12.x ant\u00e9rieures \u00e0 8.12.0.2",
      "product": {
        "name": "Instant AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Aruba InstantOS versions ant\u00e9rieures \u00e0 8.10.0.14",
      "product": {
        "name": "Instant AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 10.5.x d\u0027AOS et 8.11.x d\u0027Instant AOS sont \u00e9galement vuln\u00e9rables mais ne b\u00e9n\u00e9ficieront pas de correctifs de s\u00e9curit\u00e9.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42506"
    },
    {
      "name": "CVE-2024-42505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42505"
    },
    {
      "name": "CVE-2024-42507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42507"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0808",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits HPE Aruba Networking. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits HPE Aruba Networking",
  "vendor_advisories": [
    {
      "published_at": "2024-09-24",
      "title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking HPESBNW04712",
      "url": "https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04712.txt"
    }
  ]
}

CVE-2024-42507 (GCVE-0-2024-42507)

Vulnerability from cvelistv5 – Published: 2024-09-24 18:11 – Updated: 2024-09-26 03:55

Summary

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

hpe

References

URL

Tags

https://support.hpe.com/hpesc/public/docDisplay?d…

Impacted products

	Vendor	Product	Version
	Hewlett Packard Enterprise (HPE)	Aruba OS	Affected: Version 10.5.0.0: 10.6.0.2 and below , ≤ <=10.6.0.2 (semver) Affected: Version 10.0.0.0: 10.4.1.13 and below , ≤ <=10.4.1.13 (semver) Affected: Version 6.4.0.0: 8.10.0.13 and below , ≤ <=8.10.0.13 (semver) Affected: Version 8.11.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1 (semver)

Credits

erikdejong

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "arubaos",
            "vendor": "arubanetworks",
            "versions": [
              {
                "lessThanOrEqual": "10.6.0.2",
                "status": "affected",
                "version": "10.5.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "10.4.1.13",
                "status": "affected",
                "version": "10.0.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.10.0.13",
                "status": "affected",
                "version": "6.4.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.12.0.1",
                "status": "affected",
                "version": "8.11.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42507",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T03:55:51.695Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Aruba OS",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "lessThanOrEqual": "\u003c=10.6.0.2",
              "status": "affected",
              "version": "Version 10.5.0.0: 10.6.0.2 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=10.4.1.13",
              "status": "affected",
              "version": "Version 10.0.0.0: 10.4.1.13 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=8.10.0.13",
              "status": "affected",
              "version": "Version 6.4.0.0: 8.10.0.13 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=8.12.0.1",
              "status": "affected",
              "version": "Version 8.11.0.0: 8.12.0.1 and below",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "erikdejong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCommand injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
            }
          ],
          "value": "Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-24T18:11:37.946Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us\u0026docLocale=en_US"
        }
      ],
      "source": {
        "advisory": "HPESBNW04712",
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2024-42507",
    "datePublished": "2024-09-24T18:11:37.946Z",
    "dateReserved": "2024-08-02T17:04:57.632Z",
    "dateUpdated": "2024-09-26T03:55:51.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42505 (GCVE-0-2024-42505)

Vulnerability from cvelistv5 – Published: 2024-09-24 18:09 – Updated: 2024-09-26 03:55

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

hpe

References

URL

Tags

https://support.hpe.com/hpesc/public/docDisplay?d…

Impacted products

	Vendor	Product	Version
	Hewlett Packard Enterprise (HPE)	Aruba OS	Affected: Version 10.5.0.0: 10.6.0.2 and below , ≤ <=10.6.0.2 (semver) Affected: Version 10.0.0.0: 10.4.1.13 and below , ≤ <=10.4.1.13 (semver) Affected: Version 6.4.0.0: 8.10.0.13 and below , ≤ <=8.10.0.13 (semver) Affected: Version 8.11.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1 (semver)

Credits

erikdejong

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "arubaos",
            "vendor": "arubanetworks",
            "versions": [
              {
                "lessThanOrEqual": "10.6.0.2",
                "status": "affected",
                "version": "10.5.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "10.4.1.13",
                "status": "affected",
                "version": "10.0.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.10.0.13",
                "status": "affected",
                "version": "6.4.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.12.0.1",
                "status": "affected",
                "version": "8.11.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42505",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T03:55:49.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Aruba OS",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "lessThanOrEqual": "\u003c=10.6.0.2",
              "status": "affected",
              "version": "Version 10.5.0.0: 10.6.0.2 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=10.4.1.13",
              "status": "affected",
              "version": "Version 10.0.0.0: 10.4.1.13 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=8.10.0.13",
              "status": "affected",
              "version": "Version 6.4.0.0: 8.10.0.13 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=8.12.0.1",
              "status": "affected",
              "version": "Version 8.11.0.0: 8.12.0.1 and below",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "erikdejong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCommand injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
            }
          ],
          "value": "Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-24T18:09:27.417Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us\u0026docLocale=en_US"
        }
      ],
      "source": {
        "advisory": "HPESBNW04712",
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2024-42505",
    "datePublished": "2024-09-24T18:09:27.417Z",
    "dateReserved": "2024-08-02T17:04:57.632Z",
    "dateUpdated": "2024-09-26T03:55:49.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42506 (GCVE-0-2024-42506)

Vulnerability from cvelistv5 – Published: 2024-09-24 18:10 – Updated: 2024-09-26 03:55

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

hpe

References

URL

Tags

https://support.hpe.com/hpesc/public/docDisplay?d…

Impacted products

	Vendor	Product	Version
	Hewlett Packard Enterprise (HPE)	Aruba OS	Affected: Version 10.5.0.0: 10.6.0.2 and below , ≤ <=10.6.0.2 (semver) Affected: Version 10.0.0.0: 10.4.1.13 and below , ≤ <=10.4.1.13 (semver) Affected: Version 6.4.0.0: 8.10.0.13 and below , ≤ <=8.10.0.13 (semver) Affected: Version 8.11.0.0: 8.12.0.1 and below , ≤ <=8.12.0.1 (semver)

Credits

erikdejong

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "arubaos",
            "vendor": "arubanetworks",
            "versions": [
              {
                "lessThanOrEqual": "10.6.0.2",
                "status": "affected",
                "version": "10.5.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "10.4.1.13",
                "status": "affected",
                "version": "10.0.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.10.0.13",
                "status": "affected",
                "version": "6.4.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.12.0.1",
                "status": "affected",
                "version": "8.11.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42506",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T03:55:50.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Aruba OS",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "lessThanOrEqual": "\u003c=10.6.0.2",
              "status": "affected",
              "version": "Version 10.5.0.0: 10.6.0.2 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=10.4.1.13",
              "status": "affected",
              "version": "Version 10.0.0.0: 10.4.1.13 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=8.10.0.13",
              "status": "affected",
              "version": "Version 6.4.0.0: 8.10.0.13 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=8.12.0.1",
              "status": "affected",
              "version": "Version 8.11.0.0: 8.12.0.1 and below",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "erikdejong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCommand injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\u003c/p\u003e"
            }
          ],
          "value": "Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-24T18:10:30.812Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us\u0026docLocale=en_US"
        }
      ],
      "source": {
        "advisory": "HPESBNW04712",
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2024-42506",
    "datePublished": "2024-09-24T18:10:30.812Z",
    "dateReserved": "2024-08-02T17:04:57.632Z",
    "dateUpdated": "2024-09-26T03:55:50.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-0808

Solutions

CVE-2024-42507 (GCVE-0-2024-42507)

CVE-2024-42505 (GCVE-0-2024-42505)

CVE-2024-42506 (GCVE-0-2024-42506)

Tags

Sightings

Nomenclature