CVE-2024-33512
published 2024-05-01CVE-2024-33512: There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution…
PriorityP179critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
14.62%
96.2th percentile
There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unexpected or malformed UDP packets destined to port 8211 (PAPI protocol), which is the attack vector for CVE-2024-33512 exploitation attempts targeting the Local User Authentication Database service. ↗
- →Exploitation results in arbitrary code execution as a privileged user on the underlying OS; look for anomalous privileged process spawning on ArubaOS devices following inbound PAPI traffic. ↗
- →The attack is unauthenticated — no credentials or prior access are required. Any inbound UDP/8211 traffic from untrusted/external sources to Aruba Mobility Controllers, Conductors, WLAN/SD-WAN Gateways should be treated as suspicious. ↗
- ·Enabling Enhanced PAPI Security is the vendor-recommended mitigation to reduce exposure to this vulnerability without patching. ↗
- ·All EoL ArubaOS and SD-WAN versions are affected and will not receive patches; these include ArubaOS below 10.3, 8.9, 8.8, 8.7, 8.6, 6.5.4, and SD-WAN 2.3.0–8.7.0.0 and 2.2–8.6.0.4. ↗
- ·As of the advisory date, no active exploitation or public PoC exploits were known, but patching urgency remains high given the CVSS 9.8 score and unauthenticated attack vector. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Checkpoint
6th May – Threat Intelligence Report
blogs_checkpoint·2024-05-06
CVE-2024-26304 6th May – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 6th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 29th April, please download our Threat_Intelligence Bulletin .
TOP ATTACKS AND BREACHES
In a joint statement with Germany and NATO, the Czech Republic uncovered a cyber espionage campaign by Russian state affiliated actor APT28. These cyber-attacks targeted Czech institutions using a new vulnerability in Microsoft Outlook. APT28, linked to Russian military intelligence, is involved in a long-term espionage campaign
Bleepingcomputer
HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
blogs_bleepingcomputer·2024-05-01·CVSS 9.8
[CRITICAL] HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
## HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
## Bill Toulas
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
The advisory lists ten vulnerabilities, four of which are critical-severity (CVSS v3.1: 9.8) unauthenticated buffer overflow problems that can lead to remote code execution (RCE).
Products impacted by the newly disclosed flaws are:
HPE Aruba Networking Mobility Conductor, Mobility Controllers, WLAN Gateways, and SD-WAN Gateways managed by Aruba Central.
ArubaOS 10.5.1.0 and below, 10.4.1.0 and older, 8.11.2.1 and below, and 8.10.0.10 and older.
All versions of ArubaOS and SD-WAN that have reached E
2024-05-01
Published