{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eArubaOS versions 10.5.x.x ant\u00e9rieures \u00e0 10.5.1.0\u003c/li\u003e \u003cli\u003eArubaOS versions 10.4.x.x ant\u00e9rieures \u00e0 10.4.1.0\u003c/li\u003e \u003cli\u003eArubaOS versions 8.11.x.x ant\u00e9rieures \u00e0 8.11.2.1\u003c/li\u003e \u003cli\u003eArubaOS versions 8.10.x.x ant\u00e9rieures \u00e0 8.10.0.10\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur rappelle que ArubaOS version 10.3.x, 8.9.x, 8.8.x, 8.7.x, 8.6.x et 6.5.4.x ainsi que les versions SD-WAN 88.7.0.0-2.3.0.x et\u00a08.6.0.4-2.2.x ne sont plus maintenues et ne b\u00e9n\u00e9ficient pas d\u0027un correctif de s\u00e9curit\u00e9.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les mesures de\ncontournement (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-25611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25611"
    },
    {
      "name": "CVE-2024-25613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25613"
    },
    {
      "name": "CVE-2024-1356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1356"
    },
    {
      "name": "CVE-2024-25615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25615"
    },
    {
      "name": "CVE-2024-25612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25612"
    },
    {
      "name": "CVE-2024-25616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25616"
    },
    {
      "name": "CVE-2024-25614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25614"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0188",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits HPE\nAruba Networking. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits HPE Aruba Networking",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking ARUBA-PSA-2024-002 du 05 mars 2024",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eArubaOS versions 10.5.x.x ant\u00e9rieures \u00e0 10.5.1.0\u003c/li\u003e \u003cli\u003eArubaOS versions 10.4.x.x ant\u00e9rieures \u00e0 10.4.1.0\u003c/li\u003e \u003cli\u003eArubaOS versions 8.11.x.x ant\u00e9rieures \u00e0 8.11.2.1\u003c/li\u003e \u003cli\u003eArubaOS versions 8.10.x.x ant\u00e9rieures \u00e0 8.10.0.10\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur rappelle que ArubaOS version 10.3.x, 8.9.x, 8.8.x, 8.7.x, 8.6.x et 6.5.4.x ainsi que les versions SD-WAN 88.7.0.0-2.3.0.x et\u00a08.6.0.4-2.2.x ne sont plus maintenues et ne b\u00e9n\u00e9ficient pas d\u0027un correctif de s\u00e9curit\u00e9.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les mesures de\ncontournement (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-25611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25611"
    },
    {
      "name": "CVE-2024-25613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25613"
    },
    {
      "name": "CVE-2024-1356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1356"
    },
    {
      "name": "CVE-2024-25615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25615"
    },
    {
      "name": "CVE-2024-25612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25612"
    },
    {
      "name": "CVE-2024-25616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25616"
    },
    {
      "name": "CVE-2024-25614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25614"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0188",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits HPE\nAruba Networking. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits HPE Aruba Networking",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking ARUBA-PSA-2024-002 du 05 mars 2024",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2697A3FE-2435-49E4-9E21-AB4F7D664D62",
              "versionEndExcluding": "8.10.0.10",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CAF4A34-8D72-4337-A761-FDB404816DBE",
              "versionEndExcluding": "8.11.2.1",
              "versionStartIncluding": "8.11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "461A0E90-278E-4759-94C7-F18510AA9C13",
              "versionEndExcluding": "10.4.1.0",
              "versionStartIncluding": "10.4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42E8AC1B-B80A-43C4-B4CE-C9CDF23E7DD3",
              "versionEndExcluding": "10.5.1.0",
              "versionStartIncluding": "10.5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
    },
    {
      "lang": "es",
      "value": "Aruba ha identificado ciertas configuraciones de ArubaOS que pueden conducir a la divulgaci\u00f3n parcial de informaci\u00f3n confidencial en el proceso de negociaci\u00f3n IKE_AUTH. Los escenarios en los que puede ocurrir la divulgaci\u00f3n de informaci\u00f3n potencialmente confidencial son complejos y dependen de factores que escapan al control de los atacantes."
    }
  ],
  "id": "CVE-2024-25616",
  "lastModified": "2025-07-28T13:02:28.593",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-05T21:15:08.807",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2024-25616"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-05T21:15:08Z",
    "severity": "LOW"
  },
  "details": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n",
  "id": "GHSA-jc62-23v4-pcpq",
  "modified": "2024-03-05T21:30:25Z",
  "published": "2024-03-05T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25616"
    },
    {
      "type": "WEB",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-25616"
      ],
      "details": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n",
      "id": "GSD-2024-25616",
      "modified": "2024-02-09T06:02:34.337603Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-alert@hpe.com",
        "ID": "CVE-2024-25616",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                              },
                              {
                                "status": "affected",
                                "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                              },
                              {
                                "status": "affected",
                                "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                              },
                              {
                                "status": "affected",
                                "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Hewlett Packard Enterprise (HPE)"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Aruba Engineering"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt",
            "refsource": "MISC",
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
          },
          {
            "lang": "es",
            "value": "Aruba ha identificado ciertas configuraciones de ArubaOS que pueden conducir a la divulgaci\u00f3n parcial de informaci\u00f3n confidencial en el proceso de negociaci\u00f3n IKE_AUTH. Los escenarios en los que puede ocurrir la divulgaci\u00f3n de informaci\u00f3n potencialmente confidencial son complejos y dependen de factores que escapan al control de los atacantes."
          }
        ],
        "id": "CVE-2024-25616",
        "lastModified": "2024-03-06T15:18:08.093",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 1.4,
              "source": "security-alert@hpe.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-05T21:15:08.807",
        "references": [
          {
            "source": "security-alert@hpe.com",
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
          }
        ],
        "sourceIdentifier": "security-alert@hpe.com",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "ArubaOS ist das Betriebssystem der Aruba Netzwerkprodukte.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebigen Programmcode auszuf\u00fchren einen Denial of Service zu verursachen oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0563 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0563.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0563 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0563"
      },
      {
        "category": "external",
        "summary": "HPE Aruba Networking Product Security Advisory vom 2024-03-05",
        "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
      }
    ],
    "source_lang": "en-US",
    "title": "Aruba ArubaOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-03-05T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:06:10.483+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0563",
      "initial_release_date": "2024-03-05T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-03-05T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 10.5.1.0",
                "product": {
                  "name": "Aruba ArubaOS \u003c 10.5.1.0",
                  "product_id": "T033261"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 10.4.1.0",
                "product": {
                  "name": "Aruba ArubaOS \u003c 10.4.1.0",
                  "product_id": "T033262"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 8.11.2.1",
                "product": {
                  "name": "Aruba ArubaOS \u003c 8.11.2.1",
                  "product_id": "T033263"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 8.10.0.10",
                "product": {
                  "name": "Aruba ArubaOS \u003c 8.10.0.10",
                  "product_id": "T033264"
                }
              }
            ],
            "category": "product_name",
            "name": "ArubaOS"
          }
        ],
        "category": "vendor",
        "name": "Aruba"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-25613",
      "notes": [
        {
          "category": "description",
          "text": "In Aruba ArubaOS existieren mehrere Schwachstellen. In der Befehlszeilenschnittstelle k\u00f6nnen unberechtigt Befehle injiziert werden. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um beliebige Befehle als privilegierter Benutzer auf dem zugrunde liegenden Betriebssystem auszuf\u00fchren."
        }
      ],
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2024-25613"
    },
    {
      "cve": "CVE-2024-25612",
      "notes": [
        {
          "category": "description",
          "text": "In Aruba ArubaOS existieren mehrere Schwachstellen. In der Befehlszeilenschnittstelle k\u00f6nnen unberechtigt Befehle injiziert werden. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um beliebige Befehle als privilegierter Benutzer auf dem zugrunde liegenden Betriebssystem auszuf\u00fchren."
        }
      ],
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2024-25612"
    },
    {
      "cve": "CVE-2024-25611",
      "notes": [
        {
          "category": "description",
          "text": "In Aruba ArubaOS existieren mehrere Schwachstellen. In der Befehlszeilenschnittstelle k\u00f6nnen unberechtigt Befehle injiziert werden. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um beliebige Befehle als privilegierter Benutzer auf dem zugrunde liegenden Betriebssystem auszuf\u00fchren."
        }
      ],
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2024-25611"
    },
    {
      "cve": "CVE-2024-1356",
      "notes": [
        {
          "category": "description",
          "text": "In Aruba ArubaOS existieren mehrere Schwachstellen. In der Befehlszeilenschnittstelle k\u00f6nnen unberechtigt Befehle injiziert werden. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um beliebige Befehle als privilegierter Benutzer auf dem zugrunde liegenden Betriebssystem auszuf\u00fchren."
        }
      ],
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2024-1356"
    },
    {
      "cve": "CVE-2024-25614",
      "notes": [
        {
          "category": "description",
          "text": "In Aruba ArubaOS existiert eine Schwachstelle. Diese besteht im CLI und erm\u00f6glicht es, beliebige Dateien auf dem Dateien auf dem zugrunde liegenden Betriebssystem zu l\u00f6schen. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen und die Integrit\u00e4t zu gef\u00e4hrden."
        }
      ],
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2024-25614"
    },
    {
      "cve": "CVE-2024-25615",
      "notes": [
        {
          "category": "description",
          "text": "In Aruba ArubaOS existiert eine Schwachstelle. Diese besteht im Spectrum-Dienst, auf den \u00fcber das PAPI-Protokoll zugegriffen wird. Ein entfernter, anonymer Angreifer kann das ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2024-25615"
    },
    {
      "cve": "CVE-2024-25616",
      "notes": [
        {
          "category": "description",
          "text": "In Aruba ArubaOS existiert eine Schwachstelle. Im IKE_AUTH-Verhandlungsprozess besteht ein Problem, das zur teilweisen Offenlegung sensibler Informationen f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um diese Informationen auszusp\u00e4hen."
        }
      ],
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2024-25616"
    }
  ]
}