CVE-2024-26305

Warnung

EPSS 9.37%
Veröffentlicht 01.05.2024 15:15:14
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security-alert@hpe.com
CVE-Watchlists
Login
Unerledigt
Login

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

CNA 12 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.10.0.0

Version < 8.10.0.10

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 10.5.0.0

Version < 10.5.1.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 10.4.0.0

Version < 10.4.1.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.11.0.0

Version < 8.11.2.1

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 10.3.0.0

Version < 10.4.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.9.0.0

Version < 8.10.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.8.0.0

Version < 8.9.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.7.0.0

Version < 8.8.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.6.0.0

Version < 8.7.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 6.5.4.0

Version < 6.5.5.0

Status affected

Herstellerarubanetworks

≫

Produkt sd-wan

Default Statusaffected

Version 8.7.0.0

Version < *

Status affected

Herstellerarubanetworks

≫

Produkt sd-wan

Default Statusaffected

Version 8.6.0.4

Version < *

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

02.05.2024:

https://www.cert.at/de/warnungen/2024/5/kritische-sicherheitslucken-in-arubaos-updates-verfugbar

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.37%	0.927

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-alert@hpe.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt

https://nvd.nist.gov/vuln/detail/CVE-2024-26305

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26305

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26305

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-26305

02.05.2024: