Arbitrary File Creation Vulnerability Could Lead to Remote Command Execution
CVE-2024-47462

7.2 HIGH

Key Information:

Vendor: HP
CVE Published: 5 November 2024

Summary

An arbitrary file creation vulnerability has been identified in the command line interface of HPE Instant AOS-8 and AOS-10. This vulnerability enables authenticated remote attackers to create arbitrary files on the system, which poses a significant risk as it may lead to unauthorized remote command execution on the underlying operating system. It is crucial for organizations using these products to assess their environments for potential exploitation paths and apply necessary mitigations.

Affected Version(s)

HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 AOS-10.4.x.x: 10.4.1.4 and below

HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 Instant AOS-8.12.x.x: 8.12.0.2 and below

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Credit

zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)