CVE-2024-42398

Summary

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard EnterpriseHPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10Version 8.12.0.0: 8.12.0.1 and below <= <=8.12.0.1affected
Hewlett Packard EnterpriseHPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10Version 8.10.0.0: 8.10.0.12 and below <= <=8.10.0.12affected
Hewlett Packard EnterpriseHPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10Version 10.6.0.0: 10.6.0.0 and below <= <=10.6.0.0affected
Hewlett Packard EnterpriseHPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10Version 10.4.0.0: 10.4.1.3 and below <= <=10.4.1.3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References