CVE-2020-24634

Summary

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

Affected Software

VendorProductVersion RangeStatus
n/aAruba 9000 Gateway2.1.0.1affected
n/aAruba 9000 Gateway2.2.0.0 and belowaffected
n/aAruba 7000 Series Mobility Controllers6.4.4.23affected
n/aAruba 7000 Series Mobility Controllers6.5.4.17affected
n/aAruba 7000 Series Mobility Controllers8.2.2.9affected
n/aAruba 7000 Series Mobility Controllers8.3.0.13affected
n/aAruba 7000 Series Mobility Controllers8.5.0.10affected
n/aAruba 7000 Series Mobility Controllers8.6.0.5affected
n/aAruba 7000 Series Mobility Controllers8.7.0.0 and belowaffected
n/aAruba 7200 Series Mobility Controllers6.4.4.23affected
n/aAruba 7200 Series Mobility Controllers6.5.4.17affected
n/aAruba 7200 Series Mobility Controllers8.2.2.9affected
n/aAruba 7200 Series Mobility Controllers8.3.0.13affected
n/aAruba 7200 Series Mobility Controllers8.5.0.10affected
n/aAruba 7200 Series Mobility Controllers8.6.0.5affected
n/aAruba 7200 Series Mobility Controllers8.7.0.0 and belowaffected

Weaknesses

  • remote injection of arbitrary commands

ADP Enrichment

CVE Program Container

Additional References

References