CVE-2024-42505

Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol

Description

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

INFO

Published Date :

2024-09-24T18:09:27.417Z

Last Modified :

2024-09-26T03:55:49.884Z

Source :

hpe

AFFECTED PRODUCTS

The following products are affected by CVE-2024-42505 vulnerability.

Vendors	Products
Arubanetworks	Arubaos

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42505.

URL	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact