Unauthenticated Denial-of-Service Vulnerabilities in HP Access Points
CVE-2024-42400

5.3MEDIUM

Key Information:

Vendor: HP
Status: HP Aruba Networking Instantos And Aruba Access Points Running Arubaos 10
Vendor: CVE Published:; 6 August 2024

Summary

Multiple unauthenticated Denial-of-Service vulnerabilities have been identified in the Soft AP daemon accessed via the PAPI protocol within HP Access Points. These vulnerabilities can be exploited by attackers to disrupt the normal operation of the Access Points, potentially resulting in service interruptions for users. It is crucial for organizations to identify whether their devices are running affected firmware versions and apply necessary updates to safeguard against these disruptions.

Affected Version(s)

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 8.12.0.0: 8.12.0.1 and below

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 8.10.0.0: 8.10.0.12 and below

HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 Version 10.6.0.0: 10.6.0.0 and below

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2024