CVE-2024-1356

Summary

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 10.5.x.x: 10.5.0.1 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 10.4.x.x: 10.4.0.3 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 8.11.x.x: 8.11.2.0 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 8.10.x.x: 8.10.0.9 and belowaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References