Lucene search

HpeVULNRICHMENT:CVE-2024-42400

HistoryAug 06, 2024 - 7:51 p.m.

CVE-2024-42400 Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol

2024-08-0619:51:17

hpe

github.com

cve-2024-42400

papi protocol

access point

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

7.2

Confidence

Low

EPSS

Percentile

16.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

CNA Affected

[
  {
    "vendor": "Hewlett Packard Enterprise",
    "product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
    "versions": [
      {
        "status": "affected",
        "version": "Version 8.12.0.0: 8.12.0.1 and below",
        "versionType": "semver",
        "lessThanOrEqual": "<=8.12.0.1"
      },
      {
        "status": "affected",
        "version": "Version 8.10.0.0: 8.10.0.12 and below",
        "versionType": "semver",
        "lessThanOrEqual": "<=8.10.0.12"
      },
      {
        "status": "affected",
        "version": "Version 10.6.0.0: 10.6.0.0 and below",
        "versionType": "semver",
        "lessThanOrEqual": "<=10.6.0.0"
      },
      {
        "status": "affected",
        "version": "Version 10.4.0.0: 10.4.1.3 and below",
        "versionType": "semver",
        "lessThanOrEqual": "<=10.4.1.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.6.0.0",
        "lessThan": "10.6.0.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.4.0.0",
        "lessThan": "10.4.1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "instant",
    "versions": [
      {
        "status": "affected",
        "version": "8.12.0.0",
        "lessThan": "8.12.0.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "instant",
    "versions": [
      {
        "status": "affected",
        "version": "8.10.0.0",
        "lessThan": "8.10.0.13",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.5.0.0",
        "lessThan": "10.6.0.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "arubaos",
    "versions": [
      {
        "status": "affected",
        "version": "10.3.0.0",
        "lessThan": "10.4.0.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "instant",
    "versions": [
      {
        "status": "affected",
        "version": "8.11.0.0",
        "lessThan": "8.12.0.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "instant",
    "versions": [
      {
        "status": "affected",
        "version": "8.7.0.0",
        "lessThan": "8.10.0.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "instant",
    "versions": [
      {
        "status": "affected",
        "version": "8.4.0.0",
        "lessThan": "8.6.0.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "instant",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.0.0",
        "lessThan": "6.6.0.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

7.2

Confidence

Low

EPSS

Percentile

16.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-42400