CVE-2024-33511

Warning

EPSS 22.85%
Published 01.05.2024 15:15:15
Last modified 21.11.2024 09:17:03
Source security-alert@hpe.com
Teams watchlist Login
Open Login

There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Affected products Warnungen 1 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 8.10.0.10

Version 8.10.0.0

Status affected

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 10.5.1.0

Version 10.5.0.0

Status affected

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 10.4.1.0

Version 10.4.0.0

Status affected

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 8.11.2.1

Version 8.11.0.0

Status affected

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 10.4.0.0

Version 10.3.0.0

Status affected

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 8.10.0.0

Version 8.9.0.0

Status affected

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 8.9.0.0

Version 8.8.0.0

Status affected

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 8.8.0.0

Version 8.7.0.0

Status affected

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 8.7.0.0

Version 8.6.0.0

Status affected

Vendorarubanetworks

≫

Product arubaos

Default Statusaffected

Version < 6.5.5.0

Version 6.5.4.0

Status affected

Vendorarubanetworks

≫

Product sd-wan

Default Statusaffected

Version < *

Version 8.7.0.0

Status affected

Vendorarubanetworks

≫

Product sd-wan

Default Statusaffected

Version < *

Version 8.6.0.4

Status affected

02.05.2024: CERT.at Warnung

https://www.cert.at/de/warnungen/2024/5/kritische-sicherheitslucken-in-arubaos-updates-verfugbar

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	22.85%	0.957

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security-alert@hpe.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt

https://nvd.nist.gov/vuln/detail/CVE-2024-33511

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-33511

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-33511

EUVD