CVE-2024-42507

🗓️ 24 Sep 2024 18:11:37Reported by hpeType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 66 Views

Command injection vulnerability allows unauthenticated remote code execution via PAPI protoco

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-42507	26 Sep 202419:30	–	circl
CNNVD	Hewlett Packard Enterprise Aruba Networks Instant 安全漏洞	25 Sep 202400:00	–	cnnvd
Cvelist	CVE-2024-42507 Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol	24 Sep 202418:11	–	cvelist
EUVD	EUVD-2024-39655	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Aruba Networks ArubaOS	26 Sep 202409:00	–	ncsc
NVD	CVE-2024-42507	25 Sep 202401:15	–	nvd
Positive Technologies	PT-2024-29997 · Aruba · Aruba Access Point	2 Aug 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-42507	5 Feb 202502:28	–	redhatcve
Vulnrichment	CVE-2024-42507 Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol	24 Sep 202418:11	–	vulnrichment

[
  {
    "defaultStatus": "affected",
    "product": "Aruba OS",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "<=10.6.0.2",
        "status": "affected",
        "version": "Version 10.5.0.0: 10.6.0.2 and below",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "<=10.4.1.13",
        "status": "affected",
        "version": "Version 10.0.0.0: 10.4.1.13 and below",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "<=8.10.0.13",
        "status": "affected",
        "version": "Version 6.4.0.0: 8.10.0.13 and below",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "<=8.12.0.1",
        "status": "affected",
        "version": "Version 8.11.0.0: 8.12.0.1 and below",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
support	www.support.hpe.com/hpesc/public/docDisplay

15 Apr 2026 00:35Current

10High risk

Vulners AI Score10

CVSS 3.19.8

EPSS0.01672

SSVC

CWE-77