Arbitrary File Creation Vulnerability Could Lead to Remote Command Execution
CVE-2024-47463

7.2HIGH

Key Information:

Vendor: HP
Status: HP Aruba Networking Access Points, Instant Aos-8, And Aos-10
Vendor: CVE Published:; 5 November 2024

What is CVE-2024-47463?

An arbitrary file creation vulnerability has been identified in the command line interface of Instant AOS-8 and AOS-10. This flaw allows an authenticated remote attacker to create arbitrary files on the system. If exploited, this could lead to the execution of arbitrary commands on the underlying operating system, posing a serious security risk. Organizations using these versions need to assess their systems and apply any relevant updates or mitigations as outlined by HPE to safeguard against potential exploitation.

Affected Version(s)

HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 AOS-10.4.x.x: 10.4.1.4 and below

HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 Instant AOS-8.12.x.x: 8.12.0.2 and below

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2024

Credit

zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)