CVE-2024-42505
published 2024-09-25


Priority: P272
Severity: critical (CVSS 3.1 base score 9.8)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.50% (71.0th percentile)
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Affected (4 ranges)

Vendor                      Product   Version range                           Fixed in
hewlett_packard_enterprise  aruba_os  10.0.0.0 to 10.4.1.13 (<= 10.4.1.13)
hewlett_packard_enterprise  aruba_os  10.5.0.0 to 10.6.0.2  (<= 10.6.0.2)
hewlett_packard_enterprise  aruba_os  6.4.0.0  to 8.10.0.13 (<= 8.10.0.13)
hewlett_packard_enterprise  aruba_os  8.11.0.0 to 8.12.0.1  (<= 8.12.0.1)

Detection & IOCs

Port: UDP/8211
  • Monitor for unexpected or crafted UDP packets destined to port 8211 (PAPI protocol) from untrusted or external networks; this port is the attack vector for CVE-2024-42505 exploitation.
  • For AOS-10 devices, blocking UDP/8211 from untrusted networks is the recommended workaround. Use the same boundary for detection: any traffic reaching this port from untrusted segments should be treated as suspicious.
  • Successful exploitation results in arbitrary code execution as a privileged user, so monitor Aruba Access Point processes for unexpected privileged command execution following inbound PAPI traffic.
  • The workaround for Instant AOS-8.x devices is to enable 'cluster-security', which blocks exploitation; absence of this setting leaves devices exposed.
  • Affected versions are specifically enumerated; devices on these versions without patches or workarounds are vulnerable: AOS-10.6.x.x 10.6.0.2 and below, AOS-10.4.x.x 10.4.1.3 and below, Instant AOS-8.12.x.x 8.12.0.1 and below, Instant AOS-8.10.x.x 8.10.0.13 and below.
  • Aruba Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways are confirmed NOT impacted, so scope detection to Access Points only.
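The detection boundary described above (UDP/8211 reached from outside the networks trusted to manage APs) as an added example, not code from the advisory or from HPE Aruba. The key=value flow-record format, addresses and the trusted prefix are constructed for illustration; adapt parse_flow to your own flow or firewall log format.

```python
# Added example (not from the advisory): flag inbound UDP/8211 (PAPI) flows
# whose source lies outside the networks an operator trusts to manage APs.
# Log format and addresses below are constructed for illustration.
import ipaddress
import re

PAPI_PORT = 8211

# Constructed sample flow records in a hypothetical key=value format.
SAMPLE_FLOWS = """\
2024-09-26T10:00:01Z proto=udp src=10.20.0.5 sport=8211 dst=10.20.0.40 dport=8211
2024-09-26T10:00:02Z proto=udp src=203.0.113.9 sport=51234 dst=10.20.0.40 dport=8211
2024-09-26T10:00:03Z proto=tcp src=203.0.113.9 sport=51235 dst=10.20.0.40 dport=8211
2024-09-26T10:00:04Z proto=udp src=198.51.100.7 sport=44444 dst=10.20.0.41 dport=8211
2024-09-26T10:00:05Z proto=udp src=10.20.0.6 sport=9999 dst=10.20.0.41 dport=53
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) proto=(?P<proto>\w+) src=(?P<src>\S+) sport=(?P<sport>\d+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def parse_flow(line):
    """Parse one flow record into a dict; return None for lines that do not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    flow["sport"] = int(flow["sport"])
    flow["dport"] = int(flow["dport"])
    return flow

def find_untrusted_papi_flows(lines, trusted_nets):
    """Return flows that are UDP to port 8211 from a source outside trusted_nets."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "udp" or flow["dport"] != PAPI_PORT:
            continue  # not PAPI traffic; only UDP/8211 is in scope
        src = ipaddress.ip_address(flow["src"])
        if not any(src in net for net in trusted):
            hits.append(flow)  # PAPI port reached from an untrusted segment
    return hits

if __name__ == "__main__":
    for hit in find_untrusted_papi_flows(SAMPLE_FLOWS.splitlines(), ["10.20.0.0/16"]):
        print(f"{hit['ts']} suspicious PAPI traffic from {hit['src']} -> {hit['dst']}")
```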