Lucene search

HpeVULNRICHMENT:CVE-2024-33511

HistoryMay 01, 2024 - 2:54 p.m.

CVE-2024-33511

2024-05-0114:54:17

hpe

github.com

buffer overflow

remote code execution

udp port 8211

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.10.0.0",
        "lessThan": "8.10.0.10",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.5.0.0",
        "lessThan": "10.5.1.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.4.0.0",
        "lessThan": "10.4.1.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.11.0.0",
        "lessThan": "8.11.2.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.3.0.0",
        "lessThan": "10.4.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.9.0.0",
        "lessThan": "8.10.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.8.0.0",
        "lessThan": "8.9.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.7.0.0",
        "lessThan": "8.8.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.6.0.0",
        "lessThan": "8.7.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "6.5.4.0",
        "lessThan": "6.5.5.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "sd-wan",
    "versions": [
      {
        "status": "affected",
        "version": "8.7.0.0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "sd-wan",
    "versions": [
      {
        "status": "affected",
        "version": "8.6.0.4",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-33511