CVE-2024-33511
published 2024-05-01CVE-2024-33511: There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending…
PriorityP278critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
14.56%
96.2th percentile
There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | cilium_cilium | >= 0 < 1.14.14 | 1.14.14 |
| github.com | cilium_cilium | >= 1.15.0 < 1.15.8 | 1.15.8 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unexpected or malformed UDP packets destined to port 8211 (PAPI protocol), which is the attack vector for CVE-2024-33511 exploitation attempts against the Automatic Reporting service. ↗
- →Enable Enhanced PAPI Security on HPE Aruba devices as a mitigation/detection control; absence of this feature leaves the PAPI UDP port exposed to unauthenticated exploitation. ↗
- →Focus detection on the Automatic Reporting service process on ArubaOS devices; successful exploitation results in arbitrary code execution as a privileged user on the underlying OS. ↗
- ·Affected products span multiple ArubaOS version lines; ensure version checks cover all branches including EoL versions, as all EoL ArubaOS and SD-WAN versions are vulnerable. ↗
- ·No public PoC or active exploitation was confirmed at time of advisory; however, the unauthenticated nature (CVSS 9.8) warrants urgent patching and monitoring. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Policy bypass for Host Firewall policy due to race condition in Cilium agent
ghsa·2024-08-15
CVE-2024-42488 [MEDIUM] CWE-362 Policy bypass for Host Firewall policy due to race condition in Cilium agent
Policy bypass for Host Firewall policy due to race condition in Cilium agent
### Impact
A race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply, leading to policy bypass.
### Patches
This issue was fixed in https://github.com/cilium/cilium/pull/33511.
This issue affects:
- All versions of Cilium before v1.14.14
- Cilium v1.15 between v1.15.0 and v1.15.7 inclusive
This issue has been patched in:
- Cilium v1.14.14
- Cilium v1.15.8
### Workarounds
As the underlying issue depends on a race condition, users unable to upgrade can restart the Cilium agent on affected nodes until the affected policies are confirmed to be work
GHSA
GHSA-vrmc-7fqr-49c6: There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sen
ghsa_unreviewed·2024-05-01
CVE-2024-33511 [CRITICAL] CWE-121 GHSA-vrmc-7fqr-49c6: There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sen
There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
No detection rules found.
No public exploits indexed.
Checkpoint
6th May – Threat Intelligence Report
blogs_checkpoint·2024-05-06
CVE-2024-26304 6th May – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 6th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 29th April, please download our Threat_Intelligence Bulletin .
TOP ATTACKS AND BREACHES
In a joint statement with Germany and NATO, the Czech Republic uncovered a cyber espionage campaign by Russian state affiliated actor APT28. These cyber-attacks targeted Czech institutions using a new vulnerability in Microsoft Outlook. APT28, linked to Russian military intelligence, is involved in a long-term espionage campaign
Bleepingcomputer
HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
blogs_bleepingcomputer·2024-05-01·CVSS 9.8
[CRITICAL] HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
## HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
## Bill Toulas
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
The advisory lists ten vulnerabilities, four of which are critical-severity (CVSS v3.1: 9.8) unauthenticated buffer overflow problems that can lead to remote code execution (RCE).
Products impacted by the newly disclosed flaws are:
HPE Aruba Networking Mobility Conductor, Mobility Controllers, WLAN Gateways, and SD-WAN Gateways managed by Aruba Central.
ArubaOS 10.5.1.0 and below, 10.4.1.0 and older, 8.11.2.1 and below, and 8.10.0.10 and older.
All versions of ArubaOS and SD-WAN that have reached E
2024-05-01
Published