CVE-2024-42399

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 62.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos HP Instantos Hewlett Packard Enterprise HPE Aruba Networking Instantos AND Aruba Access Points Running Arubaos 10

Timeline

PublishedAug 6

Description

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5hewlett_packard_enterprise/hpe_aruba_networking_instantos_and_aruba_access_points_running_arubaos_10Version 8.12.0.0: 8.12.0.1 and below — <=8.12.0.1+3

▶NVDhp/instantos8.10.0.0 — 8.10.0.13+1

▶NVDarubanetworks/arubaos10.4.0.0 — 10.4.1.2+1

🔴Vulnerability Details

GHSA

GHSA-9h4x-2mmw-9488: Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol↗2024-08-06

▶

CVEList

Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol↗2024-08-06

▶