CVE-2024-42507
Published 2024-09-25
Priority P272 · critical · 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.43% (69.7th percentile)
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hewlett_packard_enterprise | aruba_os | Version 10.0.0.0: 10.4.1.13 and below – <=10.4.1.13 | — |
| hewlett_packard_enterprise | aruba_os | Version 10.5.0.0: 10.6.0.2 and below – <=10.6.0.2 | — |
| hewlett_packard_enterprise | aruba_os | Version 6.4.0.0: 8.10.0.13 and below – <=8.10.0.13 | — |
| hewlett_packard_enterprise | aruba_os | Version 8.11.0.0: 8.12.0.1 and below – <=8.12.0.1 | — |
Detection & IOCs (extracted from sources)
- Monitor for unexpected or crafted UDP packets destined to port 8211 (PAPI protocol) from untrusted or external networks; this is the attack vector for CVE-2024-42507.
- For AOS-10 devices, blocking UDP/8211 from untrusted networks is the recommended workaround. Use this as a detection boundary: any traffic hitting this port from untrusted segments should be treated as suspicious.
- Scope detection to vulnerable Aruba Access Points running Instant AOS-8 and AOS-10; prioritize devices running AOS-10.6.x.x: 10.6.0.2 and below, AOS-10.4.x.x: 10.4.1.3 and below, Instant AOS-8.12.x.x: 8.12.0.1 and below, Instant AOS-8.10.x.x: 8.10.0.13 and below.
- Exploitation results in arbitrary code execution as a privileged user; monitor for anomalous privileged processes spawned from the CLI service on Aruba Access Points after UDP/8211 traffic.
- For Instant AOS-8.x devices, enabling 'cluster-security' is a temporary workaround to block exploitation; this is not a fix and patching is still required.
- Aruba Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways are confirmed NOT impacted; scope detection efforts to Access Points only.
No detection rules found.
No public exploits indexed.