CVE-2024-31475 — Deletion of Data Structure Sentinel in Arubaos

CWE-463 — Deletion of Data Structure Sentinel3 documents3 sources

Severity

8.2HIGHNVD

EPSS

1.2%

top 20.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos HP Instantos Hewlett Packard Enterprise Aos-8 Instant AND Aos-10 AP

Timeline

PublishedMay 14

Latest updateMay 15

Description

There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages3 packages

▶NVDarubanetworks/arubaos10.3.0.0 — 10.4.1.1+1

▶NVDhp/instantos6.4.0.0 — 8.6.0.24+1

▶CVEListV5hewlett_packard_enterprise/aos-8_instant_and_aos-10_ap10.5.0.0 — 10.5.1.0+4

🔴Vulnerability Details

GHSA

GHSA-7gr6-pqw7-p68c: There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol)↗2024-05-15

▶

CVEList

CVE-2024-31475: There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol)↗2024-05-14

▶