CVE-2024-42395

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*

History

12 Aug 2024, 18:23

Type Values Removed Values Added
References () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US - () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US - Vendor Advisory
CWE CWE-787
CPE cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
First Time Hp instantos
Arubanetworks arubaos
Arubanetworks
Hp

08 Aug 2024, 15:35

Type Values Removed Values Added
CWE CWE-295

07 Aug 2024, 15:17

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad en AP Certificate Management Service que podría permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotación exitosa podría permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podría comprometer completamente el sistema.

06 Aug 2024, 20:15

Type Values Removed Values Added
References
  • {'url': 'https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04678.txt', 'source': 'security-alert@hpe.com'}
  • () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US -

06 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 19:15

Updated : 2024-08-12 18:23


NVD link : CVE-2024-42395

Mitre link : CVE-2024-42395

CVE.ORG link : CVE-2024-42395


JSON object : View

Products Affected

arubanetworks

  • arubaos

hp

  • instantos
CWE
CWE-787

Out-of-bounds Write

CWE-295

Improper Certificate Validation