CVE-2020-24633 — Classic Buffer Overflow in Arubaos

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.7%

top 17.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos Arubanetworks Sd-wan

Timeline

PublishedDec 11

Latest updateMay 24

Description

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDarubanetworks/sd-wan2.2.0.0 — 2.2.0.1+1

▶NVDarubanetworks/arubaos6.5.0.0 — 6.5.4.18+6

🔴Vulnerability Details

GHSA

GHSA-8vgr-w2rm-8hjx: There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets dest↗2022-05-24

▶

CVEList

CVE-2020-24633: There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets dest↗2020-12-11

▶