Remote Code Execution Vulnerability in HPE AP Certificate Management Service
CVE-2024-42395

9.8CRITICAL

Key Information:

Vendor: HP
Status: Instantos; Arubaos
Vendor: CVE Published:; 6 August 2024

Summary

A vulnerability exists in the HPE AP Certificate Management Service that enables unauthenticated remote code execution (RCE) attacks. If exploited, this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leading to a full system compromise. This could jeopardize sensitive data and disrupt normal operations, making it essential for users of the affected service to implement necessary mitigations and updates to safeguard their systems.

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2024