cbcvebase.
CVE-2024-33511
published 2024-05-01


Priority: P278, critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 14.56% (96.2th percentile)
There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Affected

2 ranges

Vendor     | Product        | Version range        | Fixed in
github.com | cilium_cilium  | >= 0 < 1.14.14       | 1.14.14
github.com | cilium_cilium  | >= 1.15.0 < 1.15.8   | 1.15.8

Detection & IOCs (extracted from sources)

Port: UDP/8211
  • Monitor for unexpected or malformed UDP packets destined to port 8211 (PAPI protocol), which is the attack vector for CVE-2024-33511 exploitation attempts against the Automatic Reporting service.
  • Enable Enhanced PAPI Security on HPE Aruba devices as a mitigation/detection control; absence of this feature leaves the PAPI UDP port exposed to unauthenticated exploitation.
  • Focus detection on the Automatic Reporting service process on ArubaOS devices; successful exploitation results in arbitrary code execution as a privileged user on the underlying OS.
  • Affected products span multiple ArubaOS version lines; ensure version checks cover all branches including EoL versions, as all EoL ArubaOS and SD-WAN versions are vulnerable.
  • No public PoC or active exploitation was confirmed at time of advisory; however, the unauthenticated nature (CVSS 9.8) warrants urgent patching and monitoring.
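The first detection note above (watch UDP/8211 for unexpected or malformed traffic) as a small triage filter over flow records. This is an added example, not code from the advisory or from HPE Aruba; the flow-record format, the management-host allowlist and the size threshold are assumptions, and the sample records are constructed.

```python
"""Flag UDP traffic to the PAPI port (8211) worth reviewing for
CVE-2024-33511: unexpected sources and unusually large datagrams."""
from dataclasses import dataclass

PAPI_PORT = 8211

# Assumption: hosts legitimately allowed to speak PAPI to access points.
# Replace with the real controller/management addresses in your environment.
MANAGEMENT_HOSTS = {"10.0.0.5", "10.0.0.6"}

# Assumption: datagram size above which traffic is treated as suspicious.
# The advisory gives no packet format, so this is a tunable heuristic.
MAX_EXPECTED_BYTES = 1200


@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    # Constructed record format: "<src> <dst> <proto> <dport> <bytes>"
    src, dst, proto, dport, nbytes = line.split()
    return Flow(src, dst, proto.upper(), int(dport), int(nbytes))


def classify(flow: Flow) -> list[str]:
    """Return the reasons a flow should be alerted on; empty means benign."""
    if flow.proto != "UDP" or flow.dport != PAPI_PORT:
        return []
    reasons = []
    if flow.src not in MANAGEMENT_HOSTS:
        reasons.append("unexpected source for PAPI")
    if flow.nbytes > MAX_EXPECTED_BYTES:
        reasons.append("oversized PAPI datagram")
    return reasons


def scan(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Run classify() over raw records and keep only the flagged ones."""
    return [(ln, r) for ln in lines if (r := classify(parse_flow(ln)))]


SAMPLE_FLOWS = [  # constructed sample records
    "10.0.0.5 192.168.1.20 udp 8211 240",      # management host, normal size
    "203.0.113.9 192.168.1.20 udp 8211 3000",  # external source, large datagram
    "10.0.0.6 192.168.1.21 udp 8211 2000",     # trusted source, oversized
    "10.0.0.7 192.168.1.22 tcp 8211 5000",     # TCP, not PAPI over UDP
]

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_FLOWS):
        print(line, "->", "; ".join(reasons))
```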