Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
CVE-2024-42394

9.8 CRITICAL

Summary

The Soft AP Daemon Service in HPE Aruba Networking access points contains a stack-based buffer overflow that is reachable through PAPI, Aruba's access point management protocol. An unauthenticated remote attacker who can deliver crafted PAPI packets to the PAPI UDP port (8211) of a vulnerable access point can trigger the overflow and execute arbitrary commands on the underlying operating system, which leads to complete compromise of the device. No credentials and no user interaction are required. Organizations running affected releases should upgrade to a fixed release; until then, any access point whose PAPI port is reachable from an untrusted network should be treated as exposed, and that port should be filtered at the network edge so that only the management infrastructure can reach it.
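The bug class behind this advisory, shown as an added illustration rather than HPE's own code: a datagram handler that validates an attacker-controlled length field against the packet but not against its fixed-size stack buffer, beside a version that checks both. The wire layout (one type byte, one length byte, then payload), the 32-byte buffer and the function names are assumptions for the example and are not the PAPI format or the Soft AP daemon's internals.

```c
/* Added example, not HPE/Aruba code. The message layout (type byte, length
 * byte, payload), NAME_MAX and the function names are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HDR_LEN  2    /* type byte + length byte */
#define NAME_MAX 32   /* size of the fixed stack buffer in each handler */

/* Build a datagram in the assumed layout; returns its total length, or 0 if
 * the payload does not fit (the length field is a single byte). */
size_t build_msg(uint8_t *out, size_t cap, uint8_t type,
                 const uint8_t *payload, size_t len)
{
    if (len > 255 || cap < HDR_LEN + len)
        return 0;
    out[0] = type;
    out[1] = (uint8_t)len;
    memcpy(out + HDR_LEN, payload, len);
    return HDR_LEN + len;
}

/* Vulnerable pattern. The length field is checked against the datagram, so
 * the read stays in bounds, but it is never checked against the 32-byte
 * destination: a length byte of 32 or more writes past `name` into the
 * saved frame pointer and return address. Kept only for contrast; call it
 * with benign input only. Returns the copied name's length, or -1. */
int handle_vulnerable(const uint8_t *pkt, size_t n)
{
    char name[NAME_MAX];

    if (n < HDR_LEN || HDR_LEN + (size_t)pkt[1] > n)
        return -1;
    size_t len = pkt[1];
    memcpy(name, pkt + HDR_LEN, len);   /* BUG: no check that len < NAME_MAX */
    name[len] = '\0';                   /* BUG: further out-of-bounds write */
    return (int)strlen(name);
}

/* Hardened pattern: validate the length against both the datagram and the
 * destination buffer (leaving room for the terminator) before any copy, and
 * reject the message on failure. Returns the name's length, or -1. */
int handle_hardened(const uint8_t *pkt, size_t n)
{
    char name[NAME_MAX];

    if (n < HDR_LEN)
        return -1;
    size_t len = pkt[1];
    if (len >= NAME_MAX || HDR_LEN + len > n)
        return -1;
    memcpy(name, pkt + HDR_LEN, len);
    name[len] = '\0';
    return (int)strlen(name);
}

int main(void)
{
    uint8_t pkt[300];
    uint8_t big[200];
    memset(big, 'A', sizeof big);       /* constructed oversized payload */

    size_t n = build_msg(pkt, sizeof pkt, 1, (const uint8_t *)"ap-01", 5);
    printf("5-byte name  : hardened=%d\n", handle_hardened(pkt, n));

    n = build_msg(pkt, sizeof pkt, 1, big, sizeof big);
    printf("200-byte name: hardened=%d (rejected)\n", handle_hardened(pkt, n));
    /* handle_vulnerable(pkt, n) here would overwrite the return address. */
    return 0;
}
```

The check that matters is the one against the destination size, not the one against the packet: a handler that only confirms the declared length fits inside the datagram still lets a single byte in the header decide how far past the stack buffer the copy runs.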

Affected Version(s)

HPE Aruba Networking InstantOS 8.12.x.x: 8.12.0.1 and below

HPE Aruba Networking InstantOS 8.10.x.x: 8.10.0.12 and below

Aruba Access Points running ArubaOS 10 (affected version range not given here; see the HPE Aruba Networking advisory)

CVSS v3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Score: 9.8 (Critical)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • Vulnerability published

Credit

zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/).