CVE-2024-25615

Summary

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 10.5.x.x: 10.5.0.1 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 10.4.x.x: 10.4.0.3 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 8.11.x.x: 8.11.2.0 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS Wi-Fi Controllers and Campus/Remote Access PointsArubaOS 8.10.x.x: 8.10.0.9 and belowaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References