Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
CVE-2024-42393

9.8 CRITICAL

Summary

The Soft AP Daemon Service developed by Hewlett Packard Enterprise has a vulnerability that permits remote code execution without authentication. This flaw could allow an attacker to run arbitrary commands on the host operating system, posing a severe risk to the integrity and availability of the system. Exploitation of this vulnerability can lead to complete compromise of affected systems, making it essential for users to apply security patches and mitigations as soon as they are available. Comprehensive monitoring and proactive security measures are recommended to safeguard against potential exploitation.

Affected Version(s)

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 8.12.0.0: 8.12.0.1 and below

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 8.10.0.0: 8.10.0.12 and below

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Credit

zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)