Authenticated Command Injection Vulnerability
CVE-2024-47461

7.2 HIGH

Key Information:

Vendor: HP
CVE Published: 5 November 2024

Summary

An authenticated command injection vulnerability exists within the command line interface of HPE Instant AOS-8 and AOS-10 products. This security issue enables attackers to execute arbitrary commands with privileged user rights on the underlying operating system. Successful exploitation poses significant risks, including the total compromise of the host operating system. Organizations utilizing affected Instant AOS products must take immediate action to mitigate potential risks associated with this vulnerability.

Affected Version(s)

HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 AOS-10.4.x.x: 10.4.1.4 and below

HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 Instant AOS-8.12.x.x: 8.12.0.2 and below

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/).