CVE-2024-26303

Summary

Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0015 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC - All versions.affected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.10.xxxx: WB.16.10.24 and below.affected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.09.xxxx: All versions.affected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.08.xxxx: All versions.affected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.07.xxxx: All versionsaffected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.06.xxxx: All versionsaffected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.05.xxxx: All versionsaffected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0027 and belowaffected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.03.xxxx: All versionsaffected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.02.xxxx: All versionsaffected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 16.01.xxxx: All versionsaffected
Hewlett Packard Enterprise (HPE)ArubaOS-S SwitchArubaOS-Switch 15.xx.xxxx: All versionsaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References