Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-47463 (GCVE-0-2024-47463)
Vulnerability from cvelistv5 – Published: 2024-11-05 22:59 – Updated: 2024-11-09 04:55
VLAI
EPSS
Title
Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
Summary
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.
Severity
7.2 (High)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 |
Affected:
AOS-10.4.x.x: 10.4.1.4 and below , ≤ <=10.4.1.4
(semver)
Affected: Instant AOS-8.12.x.x: 8.12.0.2 and below , ≤ <=8.12.0.2 (semver) Affected: Instant AOS-8.10.x.x: 8.10.0.13 and below , ≤ <=8.10.0.13 (semver) |
Date Public
2024-11-05 17:00
Credits
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.4",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
},
{
"lessThan": "10.7.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
},
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
},
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-09T04:55:52.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=10.4.1.4",
"status": "affected",
"version": "AOS-10.4.x.x: 10.4.1.4 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.12.0.2",
"status": "affected",
"version": "Instant AOS-8.12.x.x: 8.12.0.2 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.13",
"status": "affected",
"version": "Instant AOS-8.10.x.x: 8.10.0.13 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-11-05T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eAn arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T22:59:04.966Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04722",
"discovery": "EXTERNAL"
},
"title": "Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-47463",
"datePublished": "2024-11-05T22:59:04.966Z",
"dateReserved": "2024-09-24T18:13:23.209Z",
"dateUpdated": "2024-11-09T04:55:52.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-47463",
"date": "2026-05-27",
"epss": "0.01398",
"percentile": "0.80662"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.\"}, {\"lang\": \"es\", \"value\": \" Existe una vulnerabilidad de creaci\\u00f3n de archivos arbitrarios en la interfaz de l\\u00ednea de comandos de Instant AOS-8 y AOS-10. La explotaci\\u00f3n exitosa de esta vulnerabilidad podr\\u00eda permitir que un atacante remoto autenticado cree archivos arbitrarios, lo que podr\\u00eda provocar una ejecuci\\u00f3n remota de comandos (RCE) en el sistema operativo subyacente.\"}]",
"id": "CVE-2024-47463",
"lastModified": "2024-11-06T18:17:17.287",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-alert@hpe.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
"published": "2024-11-05T23:15:04.123",
"references": "[{\"url\": \"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US\", \"source\": \"security-alert@hpe.com\"}]",
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Awaiting Analysis"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47463\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2024-11-05T23:15:04.123\",\"lastModified\":\"2024-11-06T18:17:17.287\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.\"},{\"lang\":\"es\",\"value\":\" Existe una vulnerabilidad de creaci\u00f3n de archivos arbitrarios en la interfaz de l\u00ednea de comandos de Instant AOS-8 y AOS-10. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir que un atacante remoto autenticado cree archivos arbitrarios, lo que podr\u00eda provocar una ejecuci\u00f3n remota de comandos (RCE) en el sistema operativo subyacente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-alert@hpe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"references\":[{\"url\":\"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US\",\"source\":\"security-alert@hpe.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47463\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-06T15:15:20.421349Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*\"], \"vendor\": \"arubanetworks\", \"product\": \"arubaos\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.4.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.4.1.4\"}, {\"status\": \"affected\", \"version\": \"10.3.0.0\", \"lessThan\": \"10.4.0.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.5.0.0\", \"lessThan\": \"10.7.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*\"], \"vendor\": \"arubanetworks\", \"product\": \"instant\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.12.0.2\"}, {\"status\": \"affected\", \"version\": \"8.10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.10.0.13\"}, {\"status\": \"affected\", \"version\": \"6.4.0.0\", \"lessThan\": \"6.6.0.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.4.0.0\", \"lessThan\": \"8.10.0.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.11.0.0\", \"lessThan\": \"8.12.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"affected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-06T15:41:18.642Z\"}}], \"cna\": {\"title\": \"Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)\", \"source\": {\"advisory\": \"HPESBNW04722\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hewlett Packard Enterprise (HPE)\", \"product\": \"HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10\", \"versions\": [{\"status\": \"affected\", \"version\": \"AOS-10.4.x.x: 10.4.1.4 and below\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.4.1.4\"}, {\"status\": \"affected\", \"version\": \"Instant AOS-8.12.x.x: 8.12.0.2 and below\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=8.12.0.2\"}, {\"status\": \"affected\", \"version\": \"Instant AOS-8.10.x.x: 8.10.0.13 and below\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=8.10.0.13\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2024-11-05T17:00:00.000Z\", \"references\": [{\"url\": \"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cdiv\u003eAn arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.\u003c/div\u003e\u003c/div\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"shortName\": \"hpe\", \"dateUpdated\": \"2024-11-05T22:59:04.966Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47463\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-09T04:55:52.279Z\", \"dateReserved\": \"2024-09-24T18:13:23.209Z\", \"assignerOrgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"datePublished\": \"2024-11-05T22:59:04.966Z\", \"assignerShortName\": \"hpe\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0945
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| HPE Aruba Networking | AOS | AOS versions 10.7.x antérieures à 10.7.0.0 | ||
| HPE Aruba Networking | Instant AOS | Instant AOS versions 8.12.x antérieures à 8.12.0.3 | ||
| HPE Aruba Networking | AOS | AOS versions 10.4.x antérieures à 10.4.1.5 | ||
| HPE Aruba Networking | Instant AOS | Instant AOS versions 8.10.x antérieures à 8.10.0.14 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AOS versions 10.7.x ant\u00e9rieures \u00e0 10.7.0.0",
"product": {
"name": "AOS",
"vendor": {
"name": "HPE Aruba Networking",
"scada": false
}
}
},
{
"description": "Instant AOS versions 8.12.x ant\u00e9rieures \u00e0 8.12.0.3",
"product": {
"name": "Instant AOS",
"vendor": {
"name": "HPE Aruba Networking",
"scada": false
}
}
},
{
"description": "AOS versions 10.4.x ant\u00e9rieures \u00e0 10.4.1.5",
"product": {
"name": "AOS",
"vendor": {
"name": "HPE Aruba Networking",
"scada": false
}
}
},
{
"description": "Instant AOS versions 8.10.x ant\u00e9rieures \u00e0 8.10.0.14",
"product": {
"name": "Instant AOS",
"vendor": {
"name": "HPE Aruba Networking",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-47462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47462"
},
{
"name": "CVE-2024-47461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47461"
},
{
"name": "CVE-2024-47464",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47464"
},
{
"name": "CVE-2024-47460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47460"
},
{
"name": "CVE-2024-42509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42509"
},
{
"name": "CVE-2024-47463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47463"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0945",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits HPE Aruba Networking. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits HPE Aruba Networking",
"vendor_advisories": [
{
"published_at": "2024-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking HPESBNW04722",
"url": "https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04722.txt"
}
]
}
CERTFR-2024-AVI-0945
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| HPE Aruba Networking | AOS | AOS versions 10.7.x antérieures à 10.7.0.0 | ||
| HPE Aruba Networking | Instant AOS | Instant AOS versions 8.12.x antérieures à 8.12.0.3 | ||
| HPE Aruba Networking | AOS | AOS versions 10.4.x antérieures à 10.4.1.5 | ||
| HPE Aruba Networking | Instant AOS | Instant AOS versions 8.10.x antérieures à 8.10.0.14 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AOS versions 10.7.x ant\u00e9rieures \u00e0 10.7.0.0",
"product": {
"name": "AOS",
"vendor": {
"name": "HPE Aruba Networking",
"scada": false
}
}
},
{
"description": "Instant AOS versions 8.12.x ant\u00e9rieures \u00e0 8.12.0.3",
"product": {
"name": "Instant AOS",
"vendor": {
"name": "HPE Aruba Networking",
"scada": false
}
}
},
{
"description": "AOS versions 10.4.x ant\u00e9rieures \u00e0 10.4.1.5",
"product": {
"name": "AOS",
"vendor": {
"name": "HPE Aruba Networking",
"scada": false
}
}
},
{
"description": "Instant AOS versions 8.10.x ant\u00e9rieures \u00e0 8.10.0.14",
"product": {
"name": "Instant AOS",
"vendor": {
"name": "HPE Aruba Networking",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-47462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47462"
},
{
"name": "CVE-2024-47461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47461"
},
{
"name": "CVE-2024-47464",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47464"
},
{
"name": "CVE-2024-47460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47460"
},
{
"name": "CVE-2024-42509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42509"
},
{
"name": "CVE-2024-47463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47463"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0945",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits HPE Aruba Networking. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits HPE Aruba Networking",
"vendor_advisories": [
{
"published_at": "2024-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking HPESBNW04722",
"url": "https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04722.txt"
}
]
}
BDU:2024-10877
Vulnerability from fstec - Published: 05.11.2024
VLAI
Title
Уязвимость интерфейса командной строки (CLI) операционных систем Instant AOS-8 и AOS-10, позволяющая нарушителю выполнить произвольные команды
Description
Уязвимость интерфейса командной строки (CLI) операционных систем Instant AOS-8 и AOS-10 связана с отсутствием ограничений на загрузку файлов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольные команды
Severity
Vendor
Aruba Networks
Software Name
AOS-10, Instant AOS-8
Software Version
от 10.4.0.0 до 10.4.1.4 включительно (AOS-10), от 8.12.0.0 до 8.12.0.2 включительно (Instant AOS-8), от 8.10.0.0 до 8.10.0.13 включительно (Instant AOS-8)
Possible Mitigations
Использование рекомендаций:
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
Reference
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04722.txt
https://paths.ext.hpe.com/c/a00132097enw?x=HugTV-&cc=us&lang=en&lb-mode=overlay&lb-height=100&lb-width=100&pf_route=a00132097
CWE
CWE-434
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Aruba Networks",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 10.4.0.0 \u0434\u043e 10.4.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (AOS-10), \u043e\u0442 8.12.0.0 \u0434\u043e 8.12.0.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Instant AOS-8), \u043e\u0442 8.10.0.0 \u0434\u043e 8.10.0.13 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Instant AOS-8)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.12.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.12.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-10877",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-47463",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "AOS-10, Instant AOS-8",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Aruba Networks AOS-10 \u043e\u0442 10.4.0.0 \u0434\u043e 10.4.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Aruba Networks Instant AOS-8 \u043e\u0442 8.12.0.0 \u0434\u043e 8.12.0.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Aruba Networks Instant AOS-8 \u043e\u0442 8.10.0.0 \u0434\u043e 8.10.0.13 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Instant AOS-8 \u0438 AOS-10, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 \u043e\u043f\u0430\u0441\u043d\u043e\u0433\u043e \u0442\u0438\u043f\u0430 (CWE-434)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Instant AOS-8 \u0438 AOS-10 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u043d\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0444\u0430\u0439\u043b\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Aruba Networks (\u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0430 \u0432 HPE Aruba Networking) \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Hewlett Packard Enterprise Development LP.",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US\nhttps://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04722.txt\nhttps://paths.ext.hpe.com/c/a00132097enw?x=HugTV-\u0026cc=us\u0026lang=en\u0026lb-mode=overlay\u0026lb-height=100\u0026lb-width=100\u0026pf_route=a00132097",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-434",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)"
}
FKIE_CVE-2024-47463
Vulnerability from fkie_nvd - Published: 2024-11-05 23:15 - Updated: 2026-04-15 00:35
Severity
Summary
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system."
},
{
"lang": "es",
"value": " Existe una vulnerabilidad de creaci\u00f3n de archivos arbitrarios en la interfaz de l\u00ednea de comandos de Instant AOS-8 y AOS-10. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir que un atacante remoto autenticado cree archivos arbitrarios, lo que podr\u00eda provocar una ejecuci\u00f3n remota de comandos (RCE) en el sistema operativo subyacente."
}
],
"id": "CVE-2024-47463",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
}
]
},
"published": "2024-11-05T23:15:04.123",
"references": [
{
"source": "security-alert@hpe.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Deferred"
}
GHSA-33MQ-P8M3-73XJ
Vulnerability from github – Published: 2024-11-06 00:31 – Updated: 2024-11-06 00:31
VLAI
Details
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.
Severity
7.2 (High)
{
"affected": [],
"aliases": [
"CVE-2024-47463"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-05T23:15:04Z",
"severity": "HIGH"
},
"details": "An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.",
"id": "GHSA-33mq-p8m3-73xj",
"modified": "2024-11-06T00:31:55Z",
"published": "2024-11-06T00:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47463"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
NCSC-2024-0431
Vulnerability from csaf_ncscnl - Published: 2024-11-07 08:51 - Updated: 2024-11-07 08:51Summary
Kwetsbaarheden verholpen in Aruba Networks ArubaOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Aruba Networks heeft kwetsbaarheden verholpen in ArubaOS.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om willekeurige commando's uit te voeren op het onderliggende besturingssysteem.
Voor succesvol misbruik moet de kwaadwillende toegang hebben tot de management-interface, of de command-line. Het is goed gebruik dergelijke interfaces niet publiek toegankelijk te hebben, maar af te steunen in een separate beheer-omgeving.
Oplossingen: Aruba Networks heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
9.8 (Critical)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.12.x.x__8.12.0.2_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:aos-10.4.x.x__10.4.1.4_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.10.x.x__8.10.0.13_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.3:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.5:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_8:*:*:*:*:*:*:*
|
— | |
|
arubaos
aruba
|
cpe:2.3:a:aruba:arubaos:*:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*
|
— |
9.0 (Critical)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.12.x.x__8.12.0.2_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:aos-10.4.x.x__10.4.1.4_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.10.x.x__8.10.0.13_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.3:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.5:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_8:*:*:*:*:*:*:*
|
— | |
|
arubaos
aruba
|
cpe:2.3:a:aruba:arubaos:*:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*
|
— |
7.2 (High)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.12.x.x__8.12.0.2_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:aos-10.4.x.x__10.4.1.4_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.10.x.x__8.10.0.13_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.3:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.5:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_8:*:*:*:*:*:*:*
|
— | |
|
arubaos
aruba
|
cpe:2.3:a:aruba:arubaos:*:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*
|
— |
7.2 (High)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.12.x.x__8.12.0.2_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:aos-10.4.x.x__10.4.1.4_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.10.x.x__8.10.0.13_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.3:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.5:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_8:*:*:*:*:*:*:*
|
— | |
|
arubaos
aruba
|
cpe:2.3:a:aruba:arubaos:*:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*
|
— |
7.2 (High)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.12.x.x__8.12.0.2_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:aos-10.4.x.x__10.4.1.4_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.10.x.x__8.10.0.13_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.3:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.5:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_8:*:*:*:*:*:*:*
|
— | |
|
arubaos
aruba
|
cpe:2.3:a:aruba:arubaos:*:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:a:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
instant
arubanetworks
|
cpe:2.3:a:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*
|
— |
6.8 (Medium)
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__10.4.1.4:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.12.x.x__8.12.0.2_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.12.0.2:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:aos-10.4.x.x__10.4.1.4_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.10.x.x__8.10.0.13_and_below:*:*:*:*:*:*:*
|
— | |
|
hpe_aruba_networking_access_points__instant_aos-8__and_aos-10
hewlett_packard_enterprise__hpe_
|
cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.10.0.13:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.3:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:10.5:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_6:*:*:*:*:*:*:*
|
— | |
|
arubaos
arubanetworks
|
cpe:2.3:o:arubanetworks:arubaos:instant_8:*:*:*:*:*:*:*
|
— | |
|
arubaos
aruba
|
cpe:2.3:a:aruba:arubaos:*:*:*:*:*:*:*:*
|
— |
References
7 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Aruba Networks heeft kwetsbaarheden verholpen in ArubaOS.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om willekeurige commando\u0027s uit te voeren op het onderliggende besturingssysteem.\n\nVoor succesvol misbruik moet de kwaadwillende toegang hebben tot de management-interface, of de command-line. Het is goed gebruik dergelijke interfaces niet publiek toegankelijk te hebben, maar af te steunen in een separate beheer-omgeving.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Aruba Networks heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - certbundde; cveprojectv5; hkcert; nvd",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US"
}
],
"title": "Kwetsbaarheden verholpen in Aruba Networks ArubaOS",
"tracking": {
"current_release_date": "2024-11-07T08:51:16.689034Z",
"id": "NCSC-2024-0431",
"initial_release_date": "2024-11-07T08:51:16.689034Z",
"revision_history": [
{
"date": "2024-11-07T08:51:16.689034Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1704319",
"product_identification_helper": {
"cpe": "cpe:2.3:a:aruba:arubaos:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "aruba"
},
{
"branches": [
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1695507",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1695505",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1704562",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:arubaos:10.4.1.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1695499",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "instant",
"product": {
"name": "instant",
"product_id": "CSAFPID-1695510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "instant",
"product": {
"name": "instant",
"product_id": "CSAFPID-1695509",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "instant",
"product": {
"name": "instant",
"product_id": "CSAFPID-1704565",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:instant:8.10.0.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "instant",
"product": {
"name": "instant",
"product_id": "CSAFPID-1695498",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "instant",
"product": {
"name": "instant",
"product_id": "CSAFPID-1704564",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "instant",
"product": {
"name": "instant",
"product_id": "CSAFPID-1704563",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:instant:8.12.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "instant",
"product": {
"name": "instant",
"product_id": "CSAFPID-1695494",
"product_identification_helper": {
"cpe": "cpe:2.3:a:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1704315",
"product_identification_helper": {
"cpe": "cpe:2.3:o:arubanetworks:arubaos:10.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1704316",
"product_identification_helper": {
"cpe": "cpe:2.3:o:arubanetworks:arubaos:10.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1704314",
"product_identification_helper": {
"cpe": "cpe:2.3:o:arubanetworks:arubaos:10.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1704317",
"product_identification_helper": {
"cpe": "cpe:2.3:o:arubanetworks:arubaos:instant_6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "arubaos",
"product": {
"name": "arubaos",
"product_id": "CSAFPID-1704318",
"product_identification_helper": {
"cpe": "cpe:2.3:o:arubanetworks:arubaos:instant_8:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "arubanetworks"
},
{
"branches": [
{
"category": "product_name",
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product": {
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product_id": "CSAFPID-1703831",
"product_identification_helper": {
"cpe": "cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__10.4.1.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product": {
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product_id": "CSAFPID-1703836",
"product_identification_helper": {
"cpe": "cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.10.0.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product": {
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product_id": "CSAFPID-1703833",
"product_identification_helper": {
"cpe": "cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:__8.12.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product": {
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product_id": "CSAFPID-1703834",
"product_identification_helper": {
"cpe": "cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:aos-10.4.x.x__10.4.1.4_and_below:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product": {
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product_id": "CSAFPID-1703835",
"product_identification_helper": {
"cpe": "cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.10.x.x__8.10.0.13_and_below:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product": {
"name": "hpe_aruba_networking_access_points__instant_aos-8__and_aos-10",
"product_id": "CSAFPID-1703832",
"product_identification_helper": {
"cpe": "cpe:2.3:a:hewlett_packard_enterprise__hpe_:hpe_aruba_networking_access_points__instant_aos-8__and_aos-10:instant_aos-8.12.x.x__8.12.0.2_and_below:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "hewlett_packard_enterprise__hpe_"
},
{
"branches": [
{
"category": "product_name",
"name": "aruba_networking_access_point",
"product": {
"name": "aruba_networking_access_point",
"product_id": "CSAFPID-1704488",
"product_identification_helper": {
"cpe": "cpe:2.3:a:hpe:aruba_networking_access_point:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "instant_aos-10",
"product": {
"name": "instant_aos-10",
"product_id": "CSAFPID-1704490",
"product_identification_helper": {
"cpe": "cpe:2.3:a:hpe:instant_aos-10:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "instant_aos-8",
"product": {
"name": "instant_aos-8",
"product_id": "CSAFPID-1704489",
"product_identification_helper": {
"cpe": "cpe:2.3:a:hpe:instant_aos-8:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "hpe"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-42509",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42509",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42509.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
}
],
"title": "CVE-2024-42509"
},
{
"cve": "CVE-2024-47460",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47460",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47460.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
}
],
"title": "CVE-2024-47460"
},
{
"cve": "CVE-2024-47461",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47461",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47461.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
}
],
"title": "CVE-2024-47461"
},
{
"cve": "CVE-2024-47462",
"product_status": {
"known_affected": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47462",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47462.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
}
],
"title": "CVE-2024-47462"
},
{
"cve": "CVE-2024-47463",
"product_status": {
"known_affected": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47463",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47463.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319",
"CSAFPID-1695498",
"CSAFPID-1695505",
"CSAFPID-1704562",
"CSAFPID-1695507",
"CSAFPID-1704563",
"CSAFPID-1704564",
"CSAFPID-1695510",
"CSAFPID-1695499",
"CSAFPID-1695494",
"CSAFPID-1704565",
"CSAFPID-1695509"
]
}
],
"title": "CVE-2024-47463"
},
{
"cve": "CVE-2024-47464",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47464",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47464.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1703831",
"CSAFPID-1703832",
"CSAFPID-1703833",
"CSAFPID-1703834",
"CSAFPID-1703835",
"CSAFPID-1703836",
"CSAFPID-1704314",
"CSAFPID-1704315",
"CSAFPID-1704316",
"CSAFPID-1704317",
"CSAFPID-1704318",
"CSAFPID-1704319"
]
}
],
"title": "CVE-2024-47464"
}
]
}
WID-SEC-W-2024-3343
Vulnerability from csaf_certbund - Published: 2024-11-05 23:00 - Updated: 2024-11-05 23:00Summary
Aruba ArubaOS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: ArubaOS ist das Betriebssystem der Aruba Netzwerkprodukte.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebige Betriebssystemkommandos auszuführen und um Zugriffsbeschränkungen zu umgehen.
Betroffene Betriebssysteme: - BIOS/Firmware
- Hardware Appliance
In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Geräte auszuführen und um Zugriffsbeschränkungen zu umgehen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS 10.6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.6
|
10.6 | |
|
Aruba ArubaOS 10.3
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.3
|
10.3 | |
|
Aruba ArubaOS 10.5
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.5
|
10.5 | |
|
Aruba ArubaOS Instant 6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_6
|
Instant 6 | |
|
Aruba ArubaOS Instant 8
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_8
|
Instant 8 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS Instant <=8.10.0.13
Aruba / ArubaOS
|
Instant <=8.10.0.13 | ||
|
Aruba ArubaOS Instant <=8.12.0.2
Aruba / ArubaOS
|
Instant <=8.12.0.2 | ||
|
Aruba ArubaOS <=10.4.1.4
Aruba / ArubaOS
|
<=10.4.1.4 |
In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Geräte auszuführen und um Zugriffsbeschränkungen zu umgehen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS 10.6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.6
|
10.6 | |
|
Aruba ArubaOS 10.3
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.3
|
10.3 | |
|
Aruba ArubaOS 10.5
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.5
|
10.5 | |
|
Aruba ArubaOS Instant 6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_6
|
Instant 6 | |
|
Aruba ArubaOS Instant 8
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_8
|
Instant 8 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS Instant <=8.10.0.13
Aruba / ArubaOS
|
Instant <=8.10.0.13 | ||
|
Aruba ArubaOS Instant <=8.12.0.2
Aruba / ArubaOS
|
Instant <=8.12.0.2 | ||
|
Aruba ArubaOS <=10.4.1.4
Aruba / ArubaOS
|
<=10.4.1.4 |
In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Geräte auszuführen und um Zugriffsbeschränkungen zu umgehen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS 10.6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.6
|
10.6 | |
|
Aruba ArubaOS 10.3
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.3
|
10.3 | |
|
Aruba ArubaOS 10.5
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.5
|
10.5 | |
|
Aruba ArubaOS Instant 6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_6
|
Instant 6 | |
|
Aruba ArubaOS Instant 8
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_8
|
Instant 8 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS Instant <=8.10.0.13
Aruba / ArubaOS
|
Instant <=8.10.0.13 | ||
|
Aruba ArubaOS Instant <=8.12.0.2
Aruba / ArubaOS
|
Instant <=8.12.0.2 | ||
|
Aruba ArubaOS <=10.4.1.4
Aruba / ArubaOS
|
<=10.4.1.4 |
In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Geräte auszuführen und um Zugriffsbeschränkungen zu umgehen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS 10.6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.6
|
10.6 | |
|
Aruba ArubaOS 10.3
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.3
|
10.3 | |
|
Aruba ArubaOS 10.5
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.5
|
10.5 | |
|
Aruba ArubaOS Instant 6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_6
|
Instant 6 | |
|
Aruba ArubaOS Instant 8
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_8
|
Instant 8 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS Instant <=8.10.0.13
Aruba / ArubaOS
|
Instant <=8.10.0.13 | ||
|
Aruba ArubaOS Instant <=8.12.0.2
Aruba / ArubaOS
|
Instant <=8.12.0.2 | ||
|
Aruba ArubaOS <=10.4.1.4
Aruba / ArubaOS
|
<=10.4.1.4 |
In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Geräte auszuführen und um Zugriffsbeschränkungen zu umgehen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS 10.6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.6
|
10.6 | |
|
Aruba ArubaOS 10.3
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.3
|
10.3 | |
|
Aruba ArubaOS 10.5
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.5
|
10.5 | |
|
Aruba ArubaOS Instant 6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_6
|
Instant 6 | |
|
Aruba ArubaOS Instant 8
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_8
|
Instant 8 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS Instant <=8.10.0.13
Aruba / ArubaOS
|
Instant <=8.10.0.13 | ||
|
Aruba ArubaOS Instant <=8.12.0.2
Aruba / ArubaOS
|
Instant <=8.12.0.2 | ||
|
Aruba ArubaOS <=10.4.1.4
Aruba / ArubaOS
|
<=10.4.1.4 |
In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Geräte auszuführen und um Zugriffsbeschränkungen zu umgehen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS 10.6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.6
|
10.6 | |
|
Aruba ArubaOS 10.3
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.3
|
10.3 | |
|
Aruba ArubaOS 10.5
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:10.5
|
10.5 | |
|
Aruba ArubaOS Instant 6
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_6
|
Instant 6 | |
|
Aruba ArubaOS Instant 8
Aruba / ArubaOS
|
cpe:/o:arubanetworks:arubaos:instant_8
|
Instant 8 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Aruba ArubaOS Instant <=8.10.0.13
Aruba / ArubaOS
|
Instant <=8.10.0.13 | ||
|
Aruba ArubaOS Instant <=8.12.0.2
Aruba / ArubaOS
|
Instant <=8.12.0.2 | ||
|
Aruba ArubaOS <=10.4.1.4
Aruba / ArubaOS
|
<=10.4.1.4 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ArubaOS ist das Betriebssystem der Aruba Netzwerkprodukte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebige Betriebssystemkommandos auszuf\u00fchren und um Zugriffsbeschr\u00e4nkungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware\n- Hardware Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3343 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3343.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3343 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3343"
},
{
"category": "external",
"summary": "HPE Aruba Networking Security Advisory vom 2024-11-05",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us\u0026docLocale=en_US"
}
],
"source_lang": "en-US",
"title": "Aruba ArubaOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-05T23:00:00.000+00:00",
"generator": {
"date": "2024-11-06T11:05:07.174+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3343",
"initial_release_date": "2024-11-05T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-05T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=10.4.1.4",
"product": {
"name": "Aruba ArubaOS \u003c=10.4.1.4",
"product_id": "1632436"
}
},
{
"category": "product_version_range",
"name": "\u003c=10.4.1.4",
"product": {
"name": "Aruba ArubaOS \u003c=10.4.1.4",
"product_id": "1632436-fixed"
}
},
{
"category": "product_version_range",
"name": "Instant \u003c=8.12.0.2",
"product": {
"name": "Aruba ArubaOS Instant \u003c=8.12.0.2",
"product_id": "T038779"
}
},
{
"category": "product_version_range",
"name": "Instant \u003c=8.12.0.2",
"product": {
"name": "Aruba ArubaOS Instant \u003c=8.12.0.2",
"product_id": "T038779-fixed"
}
},
{
"category": "product_version_range",
"name": "Instant \u003c=8.10.0.13",
"product": {
"name": "Aruba ArubaOS Instant \u003c=8.10.0.13",
"product_id": "T038780"
}
},
{
"category": "product_version_range",
"name": "Instant \u003c=8.10.0.13",
"product": {
"name": "Aruba ArubaOS Instant \u003c=8.10.0.13",
"product_id": "T038780-fixed"
}
},
{
"category": "product_version",
"name": "10.6",
"product": {
"name": "Aruba ArubaOS 10.6",
"product_id": "T038781",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:10.6"
}
}
},
{
"category": "product_version",
"name": "10.5",
"product": {
"name": "Aruba ArubaOS 10.5",
"product_id": "T038782",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:10.5"
}
}
},
{
"category": "product_version",
"name": "10.3",
"product": {
"name": "Aruba ArubaOS 10.3",
"product_id": "T038783",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:10.3"
}
}
},
{
"category": "product_version",
"name": "Instant 8",
"product": {
"name": "Aruba ArubaOS Instant 8",
"product_id": "T038784",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:instant_8"
}
}
},
{
"category": "product_version",
"name": "Instant 6",
"product": {
"name": "Aruba ArubaOS Instant 6",
"product_id": "T038785",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:instant_6"
}
}
}
],
"category": "product_name",
"name": "ArubaOS"
}
],
"category": "vendor",
"name": "Aruba"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-42509",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Ger\u00e4te auszuf\u00fchren und um Zugriffsbeschr\u00e4nkungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T038781",
"T038783",
"T038782",
"T038785",
"T038784"
],
"last_affected": [
"T038780",
"T038779",
"1632436"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-42509"
},
{
"cve": "CVE-2024-47460",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Ger\u00e4te auszuf\u00fchren und um Zugriffsbeschr\u00e4nkungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T038781",
"T038783",
"T038782",
"T038785",
"T038784"
],
"last_affected": [
"T038780",
"T038779",
"1632436"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-47460"
},
{
"cve": "CVE-2024-47461",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Ger\u00e4te auszuf\u00fchren und um Zugriffsbeschr\u00e4nkungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T038781",
"T038783",
"T038782",
"T038785",
"T038784"
],
"last_affected": [
"T038780",
"T038779",
"1632436"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-47461"
},
{
"cve": "CVE-2024-47462",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Ger\u00e4te auszuf\u00fchren und um Zugriffsbeschr\u00e4nkungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T038781",
"T038783",
"T038782",
"T038785",
"T038784"
],
"last_affected": [
"T038780",
"T038779",
"1632436"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-47462"
},
{
"cve": "CVE-2024-47463",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Ger\u00e4te auszuf\u00fchren und um Zugriffsbeschr\u00e4nkungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T038781",
"T038783",
"T038782",
"T038785",
"T038784"
],
"last_affected": [
"T038780",
"T038779",
"1632436"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-47463"
},
{
"cve": "CVE-2024-47464",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS existieren mehrere Schwachstellen, die unter anderem die Kommandozeile und das PAPI Protokoll betreffen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige Kommandos auf dem Betriebssystem der betroffenen Ger\u00e4te auszuf\u00fchren und um Zugriffsbeschr\u00e4nkungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T038781",
"T038783",
"T038782",
"T038785",
"T038784"
],
"last_affected": [
"T038780",
"T038779",
"1632436"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-47464"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…