Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-0563
Vulnerability from csaf_certbund
Published
2024-03-05 23:00
Modified
2024-03-05 23:00
Summary
Aruba ArubaOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
ArubaOS ist das Betriebssystem der Aruba Netzwerkprodukte.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebigen Programmcode auszuführen einen Denial of Service zu verursachen oder Informationen offenzulegen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "ArubaOS ist das Betriebssystem der Aruba Netzwerkprodukte.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebigen Programmcode auszuführen einen Denial of Service zu verursachen oder Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0563 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0563.json", }, { category: "self", summary: "WID-SEC-2024-0563 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0563", }, { category: "external", summary: "HPE Aruba Networking Product Security Advisory vom 2024-03-05", url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], source_lang: "en-US", title: "Aruba ArubaOS: Mehrere Schwachstellen", tracking: { current_release_date: "2024-03-05T23:00:00.000+00:00", generator: { date: "2024-08-15T18:06:10.483+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0563", initial_release_date: "2024-03-05T23:00:00.000+00:00", revision_history: [ { date: "2024-03-05T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "< 10.5.1.0", product: { name: "Aruba ArubaOS < 10.5.1.0", product_id: "T033261", }, }, { category: "product_version_range", name: "< 10.4.1.0", product: { name: "Aruba ArubaOS < 10.4.1.0", product_id: "T033262", }, }, { category: "product_version_range", name: "< 8.11.2.1", product: { name: "Aruba ArubaOS < 8.11.2.1", product_id: "T033263", }, }, { category: "product_version_range", name: "< 8.10.0.10", product: { name: "Aruba ArubaOS < 8.10.0.10", product_id: "T033264", }, }, ], category: "product_name", name: "ArubaOS", }, ], category: "vendor", name: "Aruba", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25613", notes: [ { category: "description", text: "In Aruba ArubaOS existieren mehrere Schwachstellen. In der Befehlszeilenschnittstelle können unberechtigt Befehle injiziert werden. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um beliebige Befehle als privilegierter Benutzer auf dem zugrunde liegenden Betriebssystem auszuführen.", }, ], release_date: "2024-03-05T23:00:00.000+00:00", title: "CVE-2024-25613", }, { cve: "CVE-2024-25612", notes: [ { category: "description", text: "In Aruba ArubaOS existieren mehrere Schwachstellen. In der Befehlszeilenschnittstelle können unberechtigt Befehle injiziert werden. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um beliebige Befehle als privilegierter Benutzer auf dem zugrunde liegenden Betriebssystem auszuführen.", }, ], release_date: "2024-03-05T23:00:00.000+00:00", title: "CVE-2024-25612", }, { cve: "CVE-2024-25611", notes: [ { category: "description", text: "In Aruba ArubaOS existieren mehrere Schwachstellen. In der Befehlszeilenschnittstelle können unberechtigt Befehle injiziert werden. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um beliebige Befehle als privilegierter Benutzer auf dem zugrunde liegenden Betriebssystem auszuführen.", }, ], release_date: "2024-03-05T23:00:00.000+00:00", title: "CVE-2024-25611", }, { cve: "CVE-2024-1356", notes: [ { category: "description", text: "In Aruba ArubaOS existieren mehrere Schwachstellen. In der Befehlszeilenschnittstelle können unberechtigt Befehle injiziert werden. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um beliebige Befehle als privilegierter Benutzer auf dem zugrunde liegenden Betriebssystem auszuführen.", }, ], release_date: "2024-03-05T23:00:00.000+00:00", title: "CVE-2024-1356", }, { cve: "CVE-2024-25614", notes: [ { category: "description", text: "In Aruba ArubaOS existiert eine Schwachstelle. Diese besteht im CLI und ermöglicht es, beliebige Dateien auf dem Dateien auf dem zugrunde liegenden Betriebssystem zu löschen. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen und die Integrität zu gefährden.", }, ], release_date: "2024-03-05T23:00:00.000+00:00", title: "CVE-2024-25614", }, { cve: "CVE-2024-25615", notes: [ { category: "description", text: "In Aruba ArubaOS existiert eine Schwachstelle. Diese besteht im Spectrum-Dienst, auf den über das PAPI-Protokoll zugegriffen wird. Ein entfernter, anonymer Angreifer kann das ausnutzen, um einen Denial of Service zu verursachen.", }, ], release_date: "2024-03-05T23:00:00.000+00:00", title: "CVE-2024-25615", }, { cve: "CVE-2024-25616", notes: [ { category: "description", text: "In Aruba ArubaOS existiert eine Schwachstelle. Im IKE_AUTH-Verhandlungsprozess besteht ein Problem, das zur teilweisen Offenlegung sensibler Informationen führt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um diese Informationen auszuspähen.", }, ], release_date: "2024-03-05T23:00:00.000+00:00", title: "CVE-2024-25616", }, ], }
cve-2024-25613
Vulnerability from cvelistv5
Published
2024-03-05 20:17
Modified
2024-08-01 23:44
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.5.0.1", status: "affected", version: "10.5.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.4.0.3", status: "affected", version: "10.4.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.11.2.0", status: "affected", version: "8.11.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.10.0.9", status: "affected", version: "8.10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "10.4.0.0", status: "affected", version: "10.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.10.0.0", status: "affected", version: "8.9.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.9.0.0", status: "affected", version: "8.8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "6.5.5.0", status: "affected", version: "6.5.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.4", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-25613", options: [ { Exploitation: "None", }, { Automatable: "No", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T13:45:17.341453Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-20T19:16:02.594Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:44:09.825Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points", vendor: "Hewlett Packard Enterprise (HPE)", versions: [ { status: "affected", version: "ArubaOS 10.5.x.x: 10.5.0.1 and below", }, { status: "affected", version: "ArubaOS 10.4.x.x: 10.4.0.3 and below", }, { status: "affected", version: "ArubaOS 8.11.x.x: 8.11.2.0 and below", }, { status: "affected", version: "ArubaOS 8.10.x.x: 8.10.0.9 and below", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "Erik De Jong (bugcrowd.com/erikdejong)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.</p>", }, ], value: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-05T20:17:55.396Z", orgId: "eb103674-0d28-4225-80f8-39fb86215de0", shortName: "hpe", }, references: [ { url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "eb103674-0d28-4225-80f8-39fb86215de0", assignerShortName: "hpe", cveId: "CVE-2024-25613", datePublished: "2024-03-05T20:17:55.396Z", dateReserved: "2024-02-08T18:08:46.265Z", dateUpdated: "2024-08-01T23:44:09.825Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25616
Vulnerability from cvelistv5
Published
2024-03-05 20:20
Modified
2024-11-07 17:05
Severity ?
EPSS score ?
Summary
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-25616", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-06T15:07:21.258099Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-07T17:05:17.507Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:44:09.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points", vendor: "Hewlett Packard Enterprise (HPE)", versions: [ { status: "affected", version: "ArubaOS 10.5.x.x: 10.5.0.1 and below", }, { status: "affected", version: "ArubaOS 10.4.x.x: 10.4.0.3 and below", }, { status: "affected", version: "ArubaOS 8.11.x.x: 8.11.2.0 and below", }, { status: "affected", version: "ArubaOS 8.10.x.x: 8.10.0.9 and below", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "Aruba Engineering", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.</p>", }, ], value: "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-05T20:20:35.905Z", orgId: "eb103674-0d28-4225-80f8-39fb86215de0", shortName: "hpe", }, references: [ { url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "eb103674-0d28-4225-80f8-39fb86215de0", assignerShortName: "hpe", cveId: "CVE-2024-25616", datePublished: "2024-03-05T20:20:35.905Z", dateReserved: "2024-02-08T18:08:46.265Z", dateUpdated: "2024-11-07T17:05:17.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-1356
Vulnerability from cvelistv5
Published
2024-03-05 20:14
Modified
2024-08-01 18:33
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.5.0.1", status: "affected", version: "10.5.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.4.0.3", status: "affected", version: "10.4.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.11.2.0", status: "affected", version: "8.11.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.10.0.9", status: "affected", version: "8.10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "10.4.0.0", status: "affected", version: "10.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.10.0.0", status: "affected", version: "8.9.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.9.0.0", status: "affected", version: "8.8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "6.5.5.0", status: "affected", version: "6.5.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.4", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-1356", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-29T04:00:15.641283Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-20T19:17:58.253Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:33:25.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points", vendor: "Hewlett Packard Enterprise (HPE)", versions: [ { status: "affected", version: "ArubaOS 10.5.x.x: 10.5.0.1 and below", }, { status: "affected", version: "ArubaOS 10.4.x.x: 10.4.0.3 and below", }, { status: "affected", version: "ArubaOS 8.11.x.x: 8.11.2.0 and below", }, { status: "affected", version: "ArubaOS 8.10.x.x: 8.10.0.9 and below", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "Erik De Jong (bugcrowd.com/erikdejong)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.</p>", }, ], value: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-05T20:14:37.530Z", orgId: "eb103674-0d28-4225-80f8-39fb86215de0", shortName: "hpe", }, references: [ { url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "eb103674-0d28-4225-80f8-39fb86215de0", assignerShortName: "hpe", cveId: "CVE-2024-1356", datePublished: "2024-03-05T20:14:37.530Z", dateReserved: "2024-02-08T18:15:17.017Z", dateUpdated: "2024-08-01T18:33:25.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25611
Vulnerability from cvelistv5
Published
2024-03-05 20:16
Modified
2024-08-01 23:44
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.5.0.1", status: "affected", version: "10.5.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.4.0.3", status: "affected", version: "10.4.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.11.2.0", status: "affected", version: "8.11.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.10.0.9", status: "affected", version: "8.10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "10.4.0.0", status: "affected", version: "10.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.10.0.0", status: "affected", version: "8.9.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.9.0.0", status: "affected", version: "8.8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "6.5.5.0", status: "affected", version: "6.5.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.4", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-25611", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-11T04:00:55.490662Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-20T19:17:25.156Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:44:09.733Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points", vendor: "Hewlett Packard Enterprise (HPE)", versions: [ { status: "affected", version: "ArubaOS 10.5.x.x: 10.5.0.1 and below", }, { status: "affected", version: "ArubaOS 10.4.x.x: 10.4.0.3 and below", }, { status: "affected", version: "ArubaOS 8.11.x.x: 8.11.2.0 and below", }, { status: "affected", version: "ArubaOS 8.10.x.x: 8.10.0.9 and below", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "Erik De Jong (bugcrowd.com/erikdejong)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.</p>", }, ], value: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-05T20:16:02.870Z", orgId: "eb103674-0d28-4225-80f8-39fb86215de0", shortName: "hpe", }, references: [ { url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "eb103674-0d28-4225-80f8-39fb86215de0", assignerShortName: "hpe", cveId: "CVE-2024-25611", datePublished: "2024-03-05T20:16:02.870Z", dateReserved: "2024-02-08T18:08:46.265Z", dateUpdated: "2024-08-01T23:44:09.733Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25614
Vulnerability from cvelistv5
Published
2024-03-05 20:19
Modified
2024-10-29 20:21
Severity ?
EPSS score ?
Summary
There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-25614", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-06T16:13:05.103424Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T20:21:27.256Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:44:09.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points", vendor: "Hewlett Packard Enterprise (HPE)", versions: [ { status: "affected", version: "ArubaOS 10.5.x.x: 10.5.0.1 and below", }, { status: "affected", version: "ArubaOS 10.4.x.x: 10.4.0.3 and below", }, { status: "affected", version: "ArubaOS 8.11.x.x: 8.11.2.0 and below", }, { status: "affected", version: "ArubaOS 8.10.x.x: 8.10.0.9 and below", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "Erik De Jong (bugcrowd.com/erikdejong)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. </p>", }, ], value: "There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-05T20:19:09.850Z", orgId: "eb103674-0d28-4225-80f8-39fb86215de0", shortName: "hpe", }, references: [ { url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "eb103674-0d28-4225-80f8-39fb86215de0", assignerShortName: "hpe", cveId: "CVE-2024-25614", datePublished: "2024-03-05T20:19:09.850Z", dateReserved: "2024-02-08T18:08:46.265Z", dateUpdated: "2024-10-29T20:21:27.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25612
Vulnerability from cvelistv5
Published
2024-03-05 20:16
Modified
2024-08-01 23:44
Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.5.0.1", status: "affected", version: "10.5.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.4.0.3", status: "affected", version: "10.4.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.11.2.0", status: "affected", version: "8.11.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.10.0.9", status: "affected", version: "8.10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "10.4.0.0", status: "affected", version: "10.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.10.0.0", status: "affected", version: "8.9.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.9.0.0", status: "affected", version: "8.8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "6.5.5.0", status: "affected", version: "6.5.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.4", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-25612", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-29T04:00:14.484061Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-20T19:16:50.630Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:44:09.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points", vendor: "Hewlett Packard Enterprise (HPE)", versions: [ { status: "affected", version: "ArubaOS 10.5.x.x: 10.5.0.1 and below", }, { status: "affected", version: "ArubaOS 10.4.x.x: 10.4.0.3 and below", }, { status: "affected", version: "ArubaOS 8.11.x.x: 8.11.2.0 and below", }, { status: "affected", version: "ArubaOS 8.10.x.x: 8.10.0.9 and below", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "Erik De Jong (bugcrowd.com/erikdejong)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.</p>", }, ], value: "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-05T20:16:59.563Z", orgId: "eb103674-0d28-4225-80f8-39fb86215de0", shortName: "hpe", }, references: [ { url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "eb103674-0d28-4225-80f8-39fb86215de0", assignerShortName: "hpe", cveId: "CVE-2024-25612", datePublished: "2024-03-05T20:16:59.563Z", dateReserved: "2024-02-08T18:08:46.265Z", dateUpdated: "2024-08-01T23:44:09.672Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25615
Vulnerability from cvelistv5
Published
2024-03-05 20:19
Modified
2025-03-27 20:13
Severity ?
EPSS score ?
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points |
Version: ArubaOS 10.5.x.x: 10.5.0.1 and below Version: ArubaOS 10.4.x.x: 10.4.0.3 and below Version: ArubaOS 8.11.x.x: 8.11.2.0 and below Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.5.0.1", status: "affected", version: "10.5.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "10.4.0.3", status: "affected", version: "10.4.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.11.2.0", status: "affected", version: "8.11.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThanOrEqual: "8.10.0.9", status: "affected", version: "8.10.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "10.4.0.0", status: "affected", version: "10.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.10.0.0", status: "affected", version: "8.9.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.9.0.0", status: "affected", version: "8.8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "arubaos", vendor: "arubanetworks", versions: [ { lessThan: "6.5.5.0", status: "affected", version: "6.5.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.8.0.0", status: "affected", version: "8.7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "sd-wan", vendor: "arubanetworks", versions: [ { lessThan: "8.7.0.0", status: "affected", version: "8.6.0.4", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-25615", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-06T14:07:39.073529Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T20:13:45.183Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:44:09.639Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points", vendor: "Hewlett Packard Enterprise (HPE)", versions: [ { status: "affected", version: "ArubaOS 10.5.x.x: 10.5.0.1 and below", }, { status: "affected", version: "ArubaOS 10.4.x.x: 10.4.0.3 and below", }, { status: "affected", version: "ArubaOS 8.11.x.x: 8.11.2.0 and below", }, { status: "affected", version: "ArubaOS 8.10.x.x: 8.10.0.9 and below", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "XiaoC from Moonlight Bug Hunter", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p> An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.</p>", }, ], value: " An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-05T20:19:54.342Z", orgId: "eb103674-0d28-4225-80f8-39fb86215de0", shortName: "hpe", }, references: [ { url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "eb103674-0d28-4225-80f8-39fb86215de0", assignerShortName: "hpe", cveId: "CVE-2024-25615", datePublished: "2024-03-05T20:19:54.342Z", dateReserved: "2024-02-08T18:08:46.265Z", dateUpdated: "2025-03-27T20:13:45.183Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.