CVE-2024-42393

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*

History

12 Aug 2024, 18:22

Type Values Removed Values Added
First Time Hp instantos
Arubanetworks arubaos
Arubanetworks
Hp
CPE cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
CWE CWE-787
References () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US - () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US - Vendor Advisory

07 Aug 2024, 15:17

Type Values Removed Values Added
Summary
  • (es) Existen vulnerabilidades en el Soft AP Daemon Service que podrían permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotación exitosa podría permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podría comprometer completamente el sistema.

06 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-94

06 Aug 2024, 20:15

Type Values Removed Values Added
References
  • {'url': 'https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04678.txt', 'source': 'security-alert@hpe.com'}
  • () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US -

06 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 19:15

Updated : 2024-08-12 18:22


NVD link : CVE-2024-42393

Mitre link : CVE-2024-42393

CVE.ORG link : CVE-2024-42393


JSON object : View

Products Affected

arubanetworks

  • arubaos

hp

  • instantos
CWE
CWE-787

Out-of-bounds Write

CWE-94

Improper Control of Generation of Code ('Code Injection')