Lucene search

HpeCVELIST:CVE-2024-1356

HistoryMar 05, 2024 - 8:14 p.m.

CVE-2024-1356

2024-03-0520:14:37

hpe

www.cve.org

arubaos

command injection

vulnerabilities

exploitation

arbitrary commands

privileged user

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-1356