CVE-2024-42394

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*

History

12 Aug 2024, 18:23

Type Values Removed Values Added
References () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US - () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US - Vendor Advisory
CPE cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
First Time Hp instantos
Arubanetworks arubaos
Arubanetworks
Hp
CWE CWE-787

07 Aug 2024, 15:35

Type Values Removed Values Added
CWE CWE-200

07 Aug 2024, 15:17

Type Values Removed Values Added
Summary
  • (es) Existen vulnerabilidades en el Soft AP Daemon Service que podrían permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotación exitosa podría permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podría comprometer completamente el sistema.

06 Aug 2024, 20:15

Type Values Removed Values Added
References
  • {'url': 'https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04678.txt', 'source': 'security-alert@hpe.com'}
  • () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US -

06 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 19:15

Updated : 2024-08-12 18:23


NVD link : CVE-2024-42394

Mitre link : CVE-2024-42394

CVE.ORG link : CVE-2024-42394


JSON object : View

Products Affected

arubanetworks

  • arubaos

hp

  • instantos
CWE
CWE-787

Out-of-bounds Write

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor