CVE-2024-42502

{"id": "CVE-2024-42502", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-09-17T18:15:04.527", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US", "source": "security-alert@hpe.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos de ArubaOS. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de inyectar comandos de shell en el sistema operativo subyacente."}], "lastModified": "2024-09-20T12:30:51.220", "sourceIdentifier": "security-alert@hpe.com"}