There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
The vulnerability stems from out-of-bounds write errors (CWE-787) and improper neutralization of control elements in code (CWE-94) within the Soft AP Daemon Service. An attacker can send a specially crafted network request without requiring authentication, allowing injection and execution of arbitrary commands at the operating system level. The attack vector is network-based and requires no privileges or user interaction.
An attacker can execute arbitrary commands on the device's operating system, leading to complete system compromise — loss of confidentiality, integrity, and availability.
Apply patches available from the manufacturer according to the references — detailed information about versions containing fixes is available at: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US
ArubaOS and HP InstantOS products — specific versions indicated in the manufacturer's references (HPE Security Bulletin hpesbnw04678en_us)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArubanetworks Arubaos
OSArubanetworks10.3.0.0 – 10.4.1.4 (bez)10.5.0.0 – 10.6.0.1 (bez)HP Instantos
OSHp6.4.0.0 – 8.10.0.13 (bez)8.12.0.0 – 8.12.0.2 (bez)
Related vulnerabilities
RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)
Buffer overflow w usłudze Central Communications Aruba – nieuwierzytelnione RCE
Buffer overflow w CLI service ArubaOS/InstantOS umożliwiający zdalny RCE
Buffer overflow w CLI service ArubaOS/InstantOS — nieuwierzytelniony RCE