Unauthenticated Denial-of-Service Vulnerability in Soft AP Daemon by HPE
CVE-2024-42398

5.3MEDIUM

Key Information:

Vendor: HP
Status: HP Aruba Networking Instantos And Aruba Access Points Running Arubaos 10
Vendor: CVE Published:; 6 August 2024

Summary

Multiple unauthenticated Denial-of-Service vulnerabilities exist in the Soft AP daemon, which can be accessed through the PAPI protocol. When exploited, these vulnerabilities can disrupt the normal functioning of the impacted Access Points, leading to interruptions in network service. This poses a significant risk to network availability, emphasizing the need for timely intervention and mitigation strategies.

Affected Version(s)

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 8.12.0.0: 8.12.0.1 and below

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 8.10.0.0: 8.10.0.12 and below

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 10.6.0.0: 10.6.0.0 and below

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2024