CVE-2024-26305
published 2024-05-01


Priority: P279
Severity: critical
CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 15.16% (96.3th percentile)
There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Detection & IOCs (extracted from sources)

Port: UDP/8211
  • Monitor for unexpected or malformed UDP traffic destined to port 8211 (PAPI protocol), which is the attack vector for CVE-2024-26305 exploitation attempts against the ArubaOS Utility daemon.
  • Unauthenticated exploitation results in arbitrary code execution as a privileged user; alert on unexpected privileged process spawning from the Utility daemon on ArubaOS devices.
  • Enabling Enhanced PAPI Security is a recommended mitigation that can also serve as a detection control boundary — traffic bypassing this control to port 8211 should be flagged.
  • All EoL ArubaOS versions are vulnerable and will not receive patches; these include ArubaOS below 10.3, 8.9, 8.8, 8.7, 8.6, 6.5.4, and SD-WAN 2.3.0–8.7.0.0 and 2.2–8.6.0.4. Detection posture on these devices should be treated as permanently degraded.
  • At time of advisory publication, no active exploitation or public PoC was confirmed, but the CVSS 9.8 score and unauthenticated network attack vector warrant urgent prioritization.
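The first detection bullet above (unexpected UDP traffic to the PAPI port 8211) can be turned into a simple flow-log check. The script below is an added example, not code from the advisory or from Aruba: it reads space-separated flow records in an assumed export format (timestamp, source IP, source port, destination IP, destination port, protocol, bytes), treats UDP datagrams to port 8211 from any address outside an assumed allowlist of managed AP/controller subnets as suspicious, and skips malformed records instead of crashing. The allowlist subnets and the sample flow lines are constructed for the example.

```python
"""Flag UDP traffic to the PAPI port (8211) from unexpected sources.

Added example for CVE-2024-26305 detection; the flow-record format and the
allowlist of expected PAPI peers are assumptions, not from the advisory.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

PAPI_PORT = 8211  # PAPI UDP port named in the advisory

# Assumption: subnets holding the managed APs and controllers that legitimately
# exchange PAPI traffic. Replace with the real management networks.
EXPECTED_PAPI_SOURCES = [
    ipaddress.ip_network("10.10.0.0/24"),
    ipaddress.ip_network("10.10.1.0/24"),
]


@dataclass(frozen=True)
class Flow:
    ts: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one flow record (assumed format); return None for malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, src_ip, src_port, dst_ip, dst_port, proto, nbytes = parts
    try:
        # Validate both addresses; ip_address raises ValueError on garbage.
        ipaddress.ip_address(src_ip)
        ipaddress.ip_address(dst_ip)
        return Flow(ts, src_ip, int(src_port), dst_ip, int(dst_port),
                    proto.upper(), int(nbytes))
    except ValueError:
        return None


def is_expected_source(ip: str) -> bool:
    """True when the source address sits inside one of the allowlisted subnets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in EXPECTED_PAPI_SOURCES)


def is_suspicious_papi_flow(flow: Flow) -> bool:
    """UDP to the PAPI port from an address that should not be speaking PAPI."""
    return (flow.proto == "UDP"
            and flow.dst_port == PAPI_PORT
            and not is_expected_source(flow.src_ip))


def scan_flows(lines: Iterable[str]) -> List[str]:
    """Return one alert string per suspicious PAPI flow; malformed lines are ignored."""
    alerts: List[str] = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None or not is_suspicious_papi_flow(flow):
            continue
        alerts.append(
            f"{flow.ts} unexpected UDP/{PAPI_PORT} traffic from "
            f"{flow.src_ip}:{flow.src_port} to {flow.dst_ip} ({flow.nbytes} bytes)"
        )
    return alerts


# Constructed sample flow records (not real telemetry).
SAMPLE_FLOWS = [
    "2024-05-02T10:00:01Z 10.10.0.15 8211 10.10.1.3 8211 UDP 412",      # AP to controller: expected
    "2024-05-02T10:00:05Z 203.0.113.7 51234 10.10.1.3 8211 UDP 1450",   # external source: alert
    "2024-05-02T10:00:09Z 192.168.50.9 40000 10.10.1.3 443 TCP 900",    # not PAPI: ignored
    "2024-05-02T10:00:20Z not-an-ip 1 10.10.1.3 8211 UDP 10",           # malformed: skipped
]

if __name__ == "__main__":
    for alert in scan_flows(SAMPLE_FLOWS):
        print(alert)
```

The allowlist approach is deliberately narrow: it catches datagrams reaching port 8211 from outside the management networks, which is the unauthenticated path the advisory describes, without attempting to parse PAPI itself. Pair it with the process-spawning alert from the second bullet on the device side, since a flow record alone cannot show whether a datagram was malformed.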