Lucene search

K
cve[email protected]CVE-2024-31475
HistoryMay 14, 2024 - 11:15 p.m.

CVE-2024-31475

2024-05-1423:15:10
web.nvd.nist.gov
2
cve-2024-31475
aruba
papi
access point management
exploitation
deletion
operating system
interruption
integrity

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba’s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Aruba InstantOS and Aruba Access Points running ArubaOS 10",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "InstantOS or ArubaOS (access points) 10.5.x.x: 10.5.1.0 and below."
      },
      {
        "status": "affected",
        "version": "InstantOS or ArubaOS (access points) 10.4.x.x: 10.4.1.0 and below."
      },
      {
        "status": "affected",
        "version": "InstantOS or ArubaOS (access points) 8.11.x.x: 8.11.2.1 and below."
      },
      {
        "status": "affected",
        "version": "InstantOS or ArubaOS (access points) 8.10.x.x: 8.10.0.10 and below."
      },
      {
        "status": "affected",
        "version": "InstantOS or ArubaOS (access points) 8.6.x.x: 8.6.0.23 and below."
      }
    ]
  }
]

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVE-2024-31475