CVE-2024-25614 — Path Traversal in Arubaos

CWE-22 — Path Traversal3 documents3 sources

Severity

9.1CRITICALNVD

CNA5.5

EPSS

0.1%

top 67.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos Hewlett Packard Enterprise Arubaos Wi-fi Controllers AND Campus Remote Access Points

Timeline

PublishedMar 5

Description

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise/arubaos_wi-fi_controllers_and_campus_remote_access_points4 versions+3

▶NVDarubanetworks/arubaos8.10.0.0 — 8.10.0.10+3

🔴Vulnerability Details

CVEList

CVE-2024-25614: There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS↗2024-03-05

▶

GHSA

GHSA-h33v-9q8c-2j93: There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS↗2024-03-05

▶