CVE-2024-33512

Warnung

EPSS 22.84%
Veröffentlicht 01.05.2024 15:15:15
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security-alert@hpe.com
CVE-Watchlists
Login
Unerledigt
Login

There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

CNA 12 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.10.0.0

Version < 8.10.0.10

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 10.5.0.0

Version < 10.5.1.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 10.4.0.0

Version < 10.4.1.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.11.0.0

Version < 8.11.2.1

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 10.3.0.0

Version < 10.4.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.9.0.0

Version < 8.10.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.8.0.0

Version < 8.9.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.7.0.0

Version < 8.8.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 8.6.0.0

Version < 8.7.0.0

Status affected

Herstellerarubanetworks

≫

Produkt arubaos

Default Statusaffected

Version 6.5.4.0

Version < 6.5.5.0

Status affected

Herstellerarubanetworks

≫

Produkt sd-wan

Default Statusaffected

Version 8.7.0.0

Version < *

Status affected

Herstellerarubanetworks

≫

Produkt sd-wan

Default Statusaffected

Version 8.6.0.4

Version < *

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

02.05.2024:

https://www.cert.at/de/warnungen/2024/5/kritische-sicherheitslucken-in-arubaos-updates-verfugbar

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.84%	0.957

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-alert@hpe.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt

https://nvd.nist.gov/vuln/detail/CVE-2024-33512

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-33512

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-33512

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-33512

02.05.2024: