Unauthenticated Remote Code Execution Vulnerability in Aruba's Access Point Management Protocol
CVE-2024-42506
9.8CRITICAL
What is CVE-2024-42506?
The vulnerability presents a command injection issue within the CLI services utilized by Aruba's Access Point management protocol (PAPI). This allows for unauthenticated attackers to send malicious packets to the UDP port 8211, potentially resulting in remote code execution. Such exploitation enables unauthorized execution of arbitrary commands as a privileged user on the affected operating systems, posing significant security risks to network infrastructure relying on Aruba access points.
Affected Version(s)
Aruba OS Version 10.5.0.0: 10.6.0.2 and below
Aruba OS Version 10.5.0.0: 10.6.0.2 and below
Aruba OS Version 10.0.0.0: 10.4.1.13 and below