Arbitrary File Creation Vulnerability Could Lead to Remote Command Execution
CVE-2024-47463

7.2 HIGH

Key Information:

Vendor: HP
CVE Published: 5 November 2024

Summary

An arbitrary file creation vulnerability has been identified in the command line interface of Instant AOS-8 and AOS-10. This flaw allows an authenticated remote attacker to create arbitrary files on the system. If exploited, this could lead to the execution of arbitrary commands on the underlying operating system, posing a serious security risk. Organizations using these versions need to assess their systems and apply any relevant updates or mitigations as outlined by HPE to safeguard against potential exploitation.

Affected Version(s)

HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 AOS-10.4.x.x: 10.4.1.4 and below

HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 Instant AOS-8.12.x.x: 8.12.0.2 and below

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Credit

zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/).