8.2

CVE-2024-31475

EPSS 1.58%
Published 14.05.2024 23:15:10
Last modified 05.06.2025 15:25:48
Source security-alert@hpe.com
Teams watchlist Login
Open Login

There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Arubanetworks ≫ Arubaos Version >= 10.3.0.0 < 10.4.1.1

Arubanetworks ≫ Arubaos Version >= 10.5.0.0 < 10.5.1.1

Hp ≫ Instantos Version >= 6.4.0.0 < 8.6.0.24

Hp ≫ Instantos Version >= 8.7.0.0 < 8.10.0.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.58%	0.808

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
security-alert@hpe.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-463 Deletion of Data Structure Sentinel

The accidental deletion of a data-structure sentinel can cause serious programming logic problems.

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

Vendor Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-31475

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-31475

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-31475

EUVD