PAPI AP Management Service Vulnerable to Unauthenticated DoS Attacks
CVE-2024-33515

7.5HIGH

Key Information:

Vendor

HP
Status
Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; Wlan Gateways And Sd-wan Gateways Managed By Aruba Central
Vendor
CVE Published:
1 May 2024

What is CVE-2024-33515?

A vulnerability has been identified in the AP Management service implemented by Aruba Networks, which can be accessed via the PAPI protocol. This flaw allows an attacker to execute unauthenticated requests that can lead to service interruptions, affecting the normal operational capability of the AP Management service. Mitigations are essential to safeguard against such exploitation that may disrupt network services.

Affected Version(s)

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central ArubaOS 10.5.x.x: 10.5.1.0 and below

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central ArubaOS 10.5.x.x: 10.5.1.0 and below

Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central ArubaOS 10.4.x.x: 10.4.1.0 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chancen
JSON
.
CVE-2024-33515 : PAPI AP Management Service Vulnerable to Unauthenticated DoS Attacks