github - ghsa-3r2p-7j7f-fc8q

ghsa-3r2p-7j7f-fc8q

Vulnerability from github

Published

2025-01-08 21:32

Modified

2025-01-31 18:31

Severity ?

3.4 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Details

A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-54010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-08T21:15:12Z",
    "severity": "LOW"
  },
  "details": "A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches  exists. It could allow an unauthenticated adjacent attacker to conduct a packet  forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure.",
  "id": "GHSA-3r2p-7j7f-fc8q",
  "modified": "2025-01-31T18:31:04Z",
  "published": "2025-01-08T21:32:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54010"
    },
    {
      "type": "WEB",
      "url": "https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04772.txt"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04772en_us\u0026docLocale=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-54010 (GCVE-0-2024-54010)

Vulnerability from cvelistv5

Published

2025-01-08 20:42

Modified

2025-01-31 17:57

Severity ?

3.4 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Summary

A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure.

References

URL

Tags

https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04772.txt

Impacted products

	Vendor	Product	Version
	Hewlett Packard Enterprise (HPE)	AOS-CX	Version: Version 10.10.0000: 10.10.1140 and below ≤ <=10.10.1140 Version: Version 10.13.0000: 10.13.1060 and below ≤ <=10.13.1060 Version: Version 10.14.0000: 10.14.1020 and below ≤ <=10.14.1020 Version: Version 10.15.0000: 10.15.0005 and below ≤ <=10.15.0005

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54010",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T16:31:10.583426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-31T17:57:52.529Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory"
            ],
            "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04772en_us\u0026docLocale=en_US"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AOS-CX",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "lessThanOrEqual": "\u003c=10.10.1140",
              "status": "affected",
              "version": "Version 10.10.0000: 10.10.1140 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=10.13.1060",
              "status": "affected",
              "version": "Version 10.13.0000: 10.13.1060 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=10.14.1020",
              "status": "affected",
              "version": "Version 10.14.0000: 10.14.1020 and below",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c=10.15.0005",
              "status": "affected",
              "version": "Version 10.15.0000: 10.15.0005 and below",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "DXC"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches  exists. It could allow an unauthenticated adjacent attacker to conduct a packet  forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches  exists. It could allow an unauthenticated adjacent attacker to conduct a packet  forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-08T20:42:21.216Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04772.txt"
        }
      ],
      "source": {
        "advisory": "HPESBNW04772",
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Traffic Handling Flaw Allows Packet Leakage on   HPE Aruba Networking CX 10000 series switches",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2024-54010",
    "datePublished": "2025-01-08T20:42:21.216Z",
    "dateReserved": "2024-11-26T21:55:16.390Z",
    "dateUpdated": "2025-01-31T17:57:52.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.