Arbitrary File Deletion Vulnerability in PAPI Affects Access Point Management
CVE-2024-31474

8.2HIGH

Key Information:

Vendor
HP
Status
Aruba Instantos And Aruba Access Points Running Arubaos 10
Vendor
CVE Published:
14 May 2024

Summary

An arbitrary file deletion vulnerability is present in the Command Line Interface (CLI) service accessed via the Aruba's Access Point management protocol, known as PAPI. This flaw allows an attacker to delete files on the underlying operating system of the access point. Such unauthorized file deletions could severely disrupt normal operational activities and compromise the integrity of the affected Access Point, potentially leading to a breakdown in services and increased vulnerability to additional attacks.

Affected Version(s)

Aruba InstantOS and Aruba Access Points running ArubaOS 10 InstantOS or ArubaOS (access points) 10.5.x.x: 10.5.1.0 and below.

Aruba InstantOS and Aruba Access Points running ArubaOS 10 InstantOS or ArubaOS (access points) 10.5.x.x: 10.5.1.0 and below.

Aruba InstantOS and Aruba Access Points running ArubaOS 10 InstantOS or ArubaOS (access points) 10.4.x.x: 10.4.1.0 and below.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024...

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chancen
.