CVE-2024-42501

Summary

An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba OSVersion 10.6.0.0: 10.6.0.2 and below <= <=10.6.0.2affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 8.10.0.0: 8.10.0.13 and below <= <=8.10.0.13affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 10.5.0.0: 10.6.0.0 and below <= <=10.6.0.0affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 10.3.0.0: 10.4.0.0 and below <= <=10.4.0.0affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 8.11.0.0: 8.12.0.0 and below <= <=8.12.0.0affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 8.12.0.0: 8.12.0.1 and below <= <=8.12.0.1affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 6.5.4.0: 8.9.0.0 and below <= <=8.9.0.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References