Privileged Command Injection: A Threat to Operating Systems
CVE-2024-31477

8.8HIGH

Key Information:

Vendor

HP (HP)

Vendor
CVE Published:
14 May 2024

What is CVE-2024-31477?

Multiple authenticated command injection vulnerabilities have been identified in the command line interface of Aruba Networks products. Exploiting these vulnerabilities allows an attacker to execute arbitrary commands as a privileged user on the underlying operating system. This severely compromises system integrity and confidentiality, necessitating immediate attention and remediation by system administrators.

Affected Version(s)

AOS-8 Instant and AOS-10 AP 10.5.0.0 <= 10.5.1.0

AOS-8 Instant and AOS-10 AP 10.4.0.0 <= 10.4.1.0

AOS-8 Instant and AOS-10 AP 8.11.0.0 <= 8.11.2.1

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Erik De Jong (bugcrowd.com/erikdejong)
.