CVE-2024-42502
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba OS | Version 10.6.0.0: 10.6.0.2 and below <= <=10.6.0.2 | affected |
| Hewlett Packard Enterprise (HPE) | Aruba OS | Version 8.10.0.0: 8.10.0.13 and below <= <=8.10.0.13 | affected |
| Hewlett Packard Enterprise (HPE) | Aruba OS | Version 10.5.0.0: 10.6.0.0 and below <= <=10.6.0.0 | affected |
| Hewlett Packard Enterprise (HPE) | Aruba OS | Version 10.3.0.0: 10.4.0.0 and below <= <=10.4.0.0 | affected |
| Hewlett Packard Enterprise (HPE) | Aruba OS | Version 8.11.0.0: 8.12.0.0 and below <= <=8.12.0.0 | affected |
| Hewlett Packard Enterprise (HPE) | Aruba OS | Version 8.12.0.0: 8.12.0.1 and below <= <=8.12.0.1 | affected |
| Hewlett Packard Enterprise (HPE) | Aruba OS | Version 6.5.4.0: 8.9.0.0 and below <= <=8.9.0.0 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.