CVE-2024-25614

Summary

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 10.5.x.x: 10.5.0.1 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 10.4.x.x: 10.4.0.3 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 8.11.x.x: 8.11.2.0 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 8.10.x.x: 8.10.0.9 and belowaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References