CVE-2024-26304
published 2024-05-01


Priority: P1 82 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 44.00% (98.6th percentile)
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Detection & IOCs

port: UDP/8211
  • Monitor for unexpected or malformed UDP packets destined to port 8211 (PAPI protocol), which is the attack vector for CVE-2024-26304 exploitation attempts against the L2/L3 Management service.
  • Enabling Enhanced PAPI Security on HPE Aruba devices is the vendor-recommended mitigation to block exploitation of this vulnerability without patching.
  • Treat any unauthenticated source sending packets to UDP/8211 on Aruba Mobility Conductors, Mobility Controllers, WLAN Gateways, and SD-WAN Gateways as highly suspicious.
  • All EoL ArubaOS versions will NOT receive patches; these include ArubaOS below 10.3, 8.9, 8.8, 8.7, 8.6, 6.5.4, and SD-WAN 2.3.0–8.7.0.0 and 2.2–8.6.0.4, meaning they remain permanently vulnerable.
  • No public PoC or active exploitation was confirmed at time of advisory publication, but the CVSS 9.8 score and unauthenticated attack vector warrant urgent prioritization.
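
The monitoring guidance above can be applied to exported flow records. The following is an added example, not taken from the advisory or from any vendor tooling: it flags UDP/8211 traffic reaching controller addresses from sources outside the expected management subnets. The record format, subnets, controller addresses and sample lines are all constructed assumptions.

```python
import ipaddress
from collections import Counter

PAPI_PORT = 8211  # UDP port named in the advisory text
# Assumption: subnets from which PAPI traffic is expected (APs, peer controllers).
EXPECTED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.1.0/24")]
# Assumption: addresses of the controllers/gateways being watched.
CONTROLLERS = {ipaddress.ip_address(a) for a in ("10.20.0.10", "10.20.0.11")}

# Constructed flow records: timestamp proto src sport dst dport bytes
SAMPLE_FLOWS = """\
2024-05-02T08:00:01Z udp 10.20.1.37 8211 10.20.0.10 8211 212
2024-05-02T08:00:04Z udp 192.0.2.55 40112 10.20.0.10 8211 1400
2024-05-02T08:00:05Z udp 192.0.2.55 40113 10.20.0.10 8211 1400
2024-05-02T08:00:09Z tcp 192.0.2.55 51000 10.20.0.10 443 600
2024-05-02T08:00:12Z udp 198.51.100.9 5353 10.20.0.11 8211 90
2024-05-02T08:00:15Z udp 10.20.0.44 8211 10.20.0.11 8211 180
garbled line that a collector might emit
"""

def parse_flow(line):
    """Return a dict for a well-formed record, or None for anything else."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, proto, src, _sport, dst, dport, _size = parts
    try:
        return {"ts": ts, "proto": proto.lower(), "dport": int(dport),
                "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    except ValueError:  # non-numeric port or unparsable address
        return None

def suspicious_papi_flows(text):
    """UDP/8211 flows to a watched controller from an unexpected source."""
    hits = []
    for line in text.splitlines():
        f = parse_flow(line)
        if f is None or f["proto"] != "udp" or f["dport"] != PAPI_PORT:
            continue
        expected = any(f["src"] in net for net in EXPECTED_SOURCES)
        if f["dst"] in CONTROLLERS and not expected:
            hits.append(f)
    return hits

def summarize(hits):
    """Count flagged flows per source address."""
    return Counter(str(f["src"]) for f in hits)

if __name__ == "__main__":
    for src, n in summarize(suspicious_papi_flows(SAMPLE_FLOWS)).most_common():
        print(f"ALERT unexpected source {src}: {n} flow(s) to UDP/{PAPI_PORT}")
```
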