There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HArubanetworks Arubaos
OSArubanetworks10.3.0.0 – 10.4.1.1 (bez)10.5.0.0 – 10.5.1.1 (bez)HP Instantos
OSHp6.4.0.0 – 8.6.0.24 (bez)8.7.0.0 – 8.10.0.11 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2024-42395CRITICAL9.8PL ✓ten sam produkt
RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)
CVE-2024-42394CRITICAL9.8PL ✓ten sam produkt
RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)
CVE-2024-42393CRITICAL9.8PL ✓ten sam produkt
RCE w Soft AP Daemon Service — ArubaOS i InstantOS
CVE-2024-31469CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w usłudze Central Communications Aruba – nieuwierzytelnione RCE
CVE-2024-31467CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w CLI service ArubaOS/InstantOS umożliwiający zdalny RCE