9.8
CVE-2024-42395
- EPSS 0.2%
- Veröffentlicht 06.08.2024 19:15:57
- Zuletzt bearbeitet 12.08.2024 18:23:57
- Quelle security-alert@hpe.com
- Teams Watchlist Login
- Unerledigt Login
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arubanetworks ≫ Arubaos Version >= 10.3.0.0 < 10.4.1.4
Arubanetworks ≫ Arubaos Version >= 10.5.0.0 < 10.6.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.419 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security-alert@hpe.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.