Denial-of-Service Vulnerabilities in Access Points By HPE
CVE-2024-42399

5.3MEDIUM

Key Information:

Vendor: HP
Status: HP Aruba Networking Instantos And Aruba Access Points Running Arubaos 10
Vendor: CVE Published:; 6 August 2024

What is CVE-2024-42399?

The Soft AP daemon utilized by HPE Access Points is susceptible to multiple unauthenticated Denial-of-Service vulnerabilities via the PAPI protocol. Exploitation of these vulnerabilities allows an attacker to disrupt normal operations of the affected Access Points, potentially leading to service interruptions and affected connectivity for users relying on the impacted devices.

Affected Version(s)

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 8.12.0.0: 8.12.0.1 and below

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 8.10.0.0: 8.10.0.12 and below

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 10.6.0.0: 10.6.0.0 and below

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2024