Lucene search

HpeCVELIST:CVE-2024-42395

HistoryAug 06, 2024 - 6:56 p.m.

CVE-2024-42395 Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol

2024-08-0618:56:05

hpe

www.cve.org

cve-2024-42395

buffer overflow

remote command execution

papi protocol

threat actor

arbitrary commands

operating system

system compromise

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "<=8.12.0.1",
        "status": "affected",
        "version": "Version 8.12.0.0: 8.12.0.1 and below",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "<=8.10.0.12",
        "status": "affected",
        "version": "Version 8.10.0.0: 8.10.0.12 and below",
        "versionType": "semver"
      }
    ]
  }
]

References

support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

Related for CVELIST:CVE-2024-42395