CVE-2024-26305

Warnung

EPSS 16.45%
Veröffentlicht 01.05.2024 15:15:14
Zuletzt bearbeitet 21.11.2024 09:02:20
Quelle security-alert@hpe.com
Teams Watchlist Login
Unerledigt Login

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 8.10.0.10

Version 8.10.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 10.5.1.0

Version 10.5.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 10.4.1.0

Version 10.4.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 8.11.2.1

Version 8.11.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 10.4.0.0

Version 10.3.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 8.10.0.0

Version 8.9.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 8.9.0.0

Version 8.8.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 8.8.0.0

Version 8.7.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 8.7.0.0

Version 8.6.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version < 6.5.5.0

Version 6.5.4.0

Status affected

Herstellerarubanetworks

≫

Produkt sd-wan

Default Statusaffected

Version < *

Version 8.7.0.0

Status affected

Herstellerarubanetworks

≫

Produkt sd-wan

Default Statusaffected

Version < *

Version 8.6.0.4

Status affected

02.05.2024: CERT.at Warnung

https://www.cert.at/de/warnungen/2024/5/kritische-sicherheitslucken-in-arubaos-updates-verfugbar

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	16.45%	0.947

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-alert@hpe.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt

https://nvd.nist.gov/vuln/detail/CVE-2024-26305

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26305

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26305

EUVD