CVE-2024-42509
Published 2024-11-05
Priority P274 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.98% (78.0th percentile)
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Detection & IOCs
- Monitor for unexpected or malformed UDP packets destined to port 8211 (PAPI protocol), which may indicate exploitation attempts targeting CVE-2024-42509.
- Alert on unauthenticated command injection attempts via the CLI service of Aruba Access Points, particularly traffic arriving over PAPI UDP port 8211 that results in privileged process execution.
- Aruba Networking Access Points running Instant AOS-8 and AOS-10 are the affected platforms; prioritize detection and patching on these devices.
- The vulnerability is exploitable without authentication; no credentials or prior access are required for exploitation, meaning perimeter-only controls are insufficient if PAPI port 8211 is reachable.
No detection rules found.
No public exploits indexed.
Checkpoint
11th November – Threat Intelligence Report
blogs_checkpoint·2024-11-11
## 11th November – Threat Intelligence Report
Memorial Hospital and Manor in Bainbridge, Georgia, has been a victim of a ransomware attack that resulted in the loss of access to its electronic health record system. The Embargo ransomware gang has claimed responsibility, threatening to leak 1.15 terabytes of purportedly stolen data by November 8.
Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.Embargo.*, Ransomware.Win.Embargo.*)
Serco, a company operating p
Bleepingcomputer
HPE warns of critical RCE flaws in Aruba Networking access points
blogs_bleepingcomputer·2024-11-07·CVSS 9.8
## HPE warns of critical RCE flaws in Aruba Networking access points
## Bill Toulas
Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points.
The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba's Access Point management protocol (PAPI) over UDP port 8211.
The critical flaws are tracked as CVE-2024-42509 and CVE-2024-47460, and have been assessed with a severity score of 9.8 and 9.0, respectively. Both are in the command line interface (CLI) service, which is accessed via the PAPI protocol.
The update also fixes another four security vulnerabilities:
CVE-2024-47461 (7.2 severity score): aut