CVE-2024-42396

3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 72.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Instantos Hewlett Packard Enterprise (hpe) HPE Aruba Networking Instantos AND Aruba Access Points Running Arubaos 10

Timeline

PublishedAug 6

Description

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise_(hpe)/hpe_aruba_networking_instantos_and_aruba_access_points_running_arubaos_10Version 8.12.0.0: 8.12.0.1 and below — <=8.12.0.1+1

▶NVDhp/instantos8.10.0.0 — 8.10.0.13+1

🔴Vulnerability Details

CVEList

Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol↗2024-08-06

▶

GHSA

GHSA-mccf-vjw6-rwhg: Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol↗2024-08-06

▶