PAPI AP Management Service Vulnerable to Unauthenticated DoS Attacks
CVE-2024-33514

7.5HIGH

Key Information:

Vendor: HP
Status: Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; Wlan Gateways And Sd-wan Gateways Managed By Aruba Central
Vendor: CVE Published:; 1 May 2024

What is CVE-2024-33514?

The AP Management service from Aruba Networks contains unauthenticated Denial-of-Service (DoS) vulnerabilities that can allow an attacker to disrupt the normal functionality of the service through the PAPI protocol. Successful exploitation does not require user credentials, making it a serious concern for network stability and security. Organizations utilizing this service should take immediate action to assess their systems and implement mitigations.

Affected Version(s)

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central ArubaOS 10.5.x.x: 10.5.1.0 and below

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central ArubaOS 10.4.x.x: 10.4.1.0 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2024
Vulnerability Reserved
Apr 23, 2024

Credit

Chancen

JSON

HP

What is CVE-2024-33514?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit