CVE-2024-42502

Summary

Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba OSVersion 10.6.0.0: 10.6.0.2 and below <= <=10.6.0.2affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 8.10.0.0: 8.10.0.13 and below <= <=8.10.0.13affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 10.5.0.0: 10.6.0.0 and below <= <=10.6.0.0affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 10.3.0.0: 10.4.0.0 and below <= <=10.4.0.0affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 8.11.0.0: 8.12.0.0 and below <= <=8.12.0.0affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 8.12.0.0: 8.12.0.1 and below <= <=8.12.0.1affected
Hewlett Packard Enterprise (HPE)Aruba OSVersion 6.5.4.0: 8.9.0.0 and below <= <=8.9.0.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References