CVE-2024-42394

CWE-787 — Out-of-bounds Write CWE-200 — Information Exposure3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 45.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos HP Instantos Hewlett Packard Enterprise (hpe) HPE Aruba Networking Instantos AND Aruba Access Points Running Arubaos 10

Timeline

PublishedAug 6

Description

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDhp/instantos6.4.0.0 — 8.10.0.13+1

▶NVDarubanetworks/arubaos10.3.0.0 — 10.4.1.4+1

▶CVEListV5hewlett_packard_enterprise_(hpe)/hpe_aruba_networking_instantos_and_aruba_access_points_running_arubaos_10Version 8.12.0.0: 8.12.0.1 and below — <=8.12.0.1+1

🔴Vulnerability Details

CVEList

Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol↗2024-08-06

▶

GHSA

GHSA-v9rg-h6h9-q754: There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack↗2024-08-06

▶