Unauthenticated Remote Code Execution Vulnerability in Central Communications
CVE-2024-31471
Summary
A command injection vulnerability exists within the Central Communications service of Aruba Networks, which can potentially allow for unauthenticated remote code execution. The vulnerability arises from the handling of specifically crafted packets sent to the PAPI (Aruba's Access Point management protocol) over UDP port 8211. If exploited, this vulnerability could enable attackers to execute arbitrary code with elevated privileges on the underlying operating system. Organizations utilizing Aruba's solutions should evaluate their systems immediately to mitigate potential risks associated with this vulnerability.
Affected Version(s)
Aruba InstantOS and Aruba Access Points running ArubaOS 10 InstantOS or ArubaOS (access points) 10.5.x.x: 10.5.1.0 and below.
Aruba InstantOS and Aruba Access Points running ArubaOS 10 InstantOS or ArubaOS (access points) 10.5.x.x: 10.5.1.0 and below.
Aruba InstantOS and Aruba Access Points running ArubaOS 10 InstantOS or ArubaOS (access points) 10.4.x.x: 10.4.1.0 and below.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
prophaze.comCVE-2024-31471CVE-2024-31471 : ARUBA INSTANTOS/ARUBAOS CENTRAL COMMUNICATONS SERVICE COMMAND INJECTION - Cloud WAF
CVE-2024-31471 : There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211).
8 months ago
References
CVSS V3.1
Timeline
- π°
First article discovered by prophaze.com
Vulnerability published
Vulnerability Reserved