Lucene search

HpeVULNRICHMENT:CVE-2024-33512

HistoryMay 01, 2024 - 2:57 p.m.

CVE-2024-33512

2024-05-0114:57:08

hpe

github.com

buffer overflow

local user authentication

remote code execution

papi

udp port 8211

arbitrary code

privileged user

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.10.0.0",
        "lessThan": "8.10.0.10",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.5.0.0",
        "lessThan": "10.5.1.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.4.0.0",
        "lessThan": "10.4.1.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.11.0.0",
        "lessThan": "8.11.2.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.3.0.0",
        "lessThan": "10.4.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.9.0.0",
        "lessThan": "8.10.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.8.0.0",
        "lessThan": "8.9.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.7.0.0",
        "lessThan": "8.8.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "8.6.0.0",
        "lessThan": "8.7.0.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "6.5.4.0",
        "lessThan": "6.5.5.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "sd-wan",
    "versions": [
      {
        "status": "affected",
        "version": "8.7.0.0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "sd-wan",
    "versions": [
      {
        "status": "affected",
        "version": "8.6.0.4",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-33512