10

CVE-2020-24633

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

Data is provided by the National Vulnerability Database (NVD)
ArubanetworksArubaos Version < 6.4.4.24
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 6.5.0.0 < 6.5.4.18
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.0.0.0 < 8.2.2.10
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.3.0.0 < 8.3.0.14
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.4.0.0 < 8.5.0.11
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.6.0.0 < 8.6.0.6
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksArubaos Version >= 8.7.0.0 < 8.7.1.0
   Arubanetworks7005 Version-
   Arubanetworks7008 Version-
   Arubanetworks7010 Version-
   Arubanetworks7024 Version-
   Arubanetworks7030 Version-
   Arubanetworks7205 Version-
   Arubanetworks7210 Version-
   Arubanetworks7220 Version-
   Arubanetworks7240xm Version-
   Arubanetworks7280 Version-
ArubanetworksSd-wan Version < 2.1.0.2
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
ArubanetworksSd-wan Version >= 2.2.0.0 < 2.2.0.1
   Arubanetworks9004 Version-
   Arubanetworks9004-lte Version-
   Arubanetworks9012 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.34% 0.781
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.