Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for ArubaOS Wi-Fi Controllers and Campus/Remote Access Points by Hewlett Packard Enterprise (HPE)

    CVE-2024-25616 (GCVE-0-2024-25616)

    Vulnerability from nvd – Published: 2024-03-05 20:20 – Updated: 2024-11-07 17:05
    VLAI
    Summary
    Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    Credits
    Aruba Engineering
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T15:07:21.258099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T17:05:17.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Aruba Engineering"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\u003c/p\u003e"
                }
              ],
              "value": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:20:35.905Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25616",
        "datePublished": "2024-03-05T20:20:35.905Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2024-11-07T17:05:17.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25615 (GCVE-0-2024-25615)

    Vulnerability from nvd – Published: 2024-03-05 20:19 – Updated: 2025-03-27 20:13
    VLAI
    Summary
    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    XiaoC from Moonlight Bug Hunter
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25615",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T14:07:39.073529Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T20:13:45.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "XiaoC from Moonlight Bug Hunter"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
                }
              ],
              "value": " An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:19:54.342Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25615",
        "datePublished": "2024-03-05T20:19:54.342Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2025-03-27T20:13:45.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25614 (GCVE-0-2024-25614)

    Vulnerability from nvd – Published: 2024-03-05 20:19 – Updated: 2024-10-29 20:21
    VLAI
    Summary
    There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T16:13:05.103424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T20:21:27.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \u003c/p\u003e"
                }
              ],
              "value": "There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:19:09.850Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25614",
        "datePublished": "2024-03-05T20:19:09.850Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2024-10-29T20:21:27.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25613 (GCVE-0-2024-25613)

    Vulnerability from nvd – Published: 2024-03-05 20:17 – Updated: 2025-12-16 18:13
    VLAI
    Summary
    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25613",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T16:13:38.968345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T18:13:17.523Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:17:55.396Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25613",
        "datePublished": "2024-03-05T20:17:55.396Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2025-12-16T18:13:17.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-25612 (GCVE-0-2024-25612)

    Vulnerability from nvd – Published: 2024-03-05 20:16 – Updated: 2024-08-01 23:44
    VLAI
    Summary
    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25612",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-29T04:00:14.484061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-20T19:16:50.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:16:59.563Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25612",
        "datePublished": "2024-03-05T20:16:59.563Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2024-08-01T23:44:09.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25611 (GCVE-0-2024-25611)

    Vulnerability from nvd – Published: 2024-03-05 20:16 – Updated: 2024-08-01 23:44
    VLAI
    Summary
    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-11T04:00:55.490662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-20T19:17:25.156Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.733Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:16:02.870Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25611",
        "datePublished": "2024-03-05T20:16:02.870Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2024-08-01T23:44:09.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1356 (GCVE-0-2024-1356)

    Vulnerability from nvd – Published: 2024-03-05 20:14 – Updated: 2024-08-01 18:33
    VLAI
    Summary
    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-29T04:00:15.641283Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-20T19:17:58.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:25.382Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:14:37.530Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-1356",
        "datePublished": "2024-03-05T20:14:37.530Z",
        "dateReserved": "2024-02-08T18:15:17.017Z",
        "dateUpdated": "2024-08-01T18:33:25.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25616 (GCVE-0-2024-25616)

    Vulnerability from cvelistv5 – Published: 2024-03-05 20:20 – Updated: 2024-11-07 17:05
    VLAI
    Summary
    Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    Credits
    Aruba Engineering
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T15:07:21.258099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T17:05:17.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Aruba Engineering"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\u003c/p\u003e"
                }
              ],
              "value": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:20:35.905Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25616",
        "datePublished": "2024-03-05T20:20:35.905Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2024-11-07T17:05:17.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25615 (GCVE-0-2024-25615)

    Vulnerability from cvelistv5 – Published: 2024-03-05 20:19 – Updated: 2025-03-27 20:13
    VLAI
    Summary
    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    XiaoC from Moonlight Bug Hunter
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25615",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T14:07:39.073529Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T20:13:45.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "XiaoC from Moonlight Bug Hunter"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
                }
              ],
              "value": " An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:19:54.342Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25615",
        "datePublished": "2024-03-05T20:19:54.342Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2025-03-27T20:13:45.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25614 (GCVE-0-2024-25614)

    Vulnerability from cvelistv5 – Published: 2024-03-05 20:19 – Updated: 2024-10-29 20:21
    VLAI
    Summary
    There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T16:13:05.103424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T20:21:27.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \u003c/p\u003e"
                }
              ],
              "value": "There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:19:09.850Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25614",
        "datePublished": "2024-03-05T20:19:09.850Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2024-10-29T20:21:27.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25613 (GCVE-0-2024-25613)

    Vulnerability from cvelistv5 – Published: 2024-03-05 20:17 – Updated: 2025-12-16 18:13
    VLAI
    Summary
    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25613",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T16:13:38.968345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T18:13:17.523Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:17:55.396Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25613",
        "datePublished": "2024-03-05T20:17:55.396Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2025-12-16T18:13:17.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-25612 (GCVE-0-2024-25612)

    Vulnerability from cvelistv5 – Published: 2024-03-05 20:16 – Updated: 2024-08-01 23:44
    VLAI
    Summary
    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25612",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-29T04:00:14.484061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-20T19:16:50.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:16:59.563Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25612",
        "datePublished": "2024-03-05T20:16:59.563Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2024-08-01T23:44:09.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25611 (GCVE-0-2024-25611)

    Vulnerability from cvelistv5 – Published: 2024-03-05 20:16 – Updated: 2024-08-01 23:44
    VLAI
    Summary
    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-11T04:00:55.490662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-20T19:17:25.156Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.733Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:16:02.870Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-25611",
        "datePublished": "2024-03-05T20:16:02.870Z",
        "dateReserved": "2024-02-08T18:08:46.265Z",
        "dateUpdated": "2024-08-01T23:44:09.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1356 (GCVE-0-2024-1356)

    Vulnerability from cvelistv5 – Published: 2024-03-05 20:14 – Updated: 2024-08-01 18:33
    VLAI
    Summary
    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Affected: ArubaOS 10.5.x.x: 10.5.0.1 and below
    Affected: ArubaOS 10.4.x.x: 10.4.0.3 and below
    Affected: ArubaOS 8.11.x.x: 8.11.2.0 and below
    Affected: ArubaOS 8.10.x.x: 8.10.0.9 and below
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.5.0.0 , ≤ 10.5.0.1 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.4.0.0 , ≤ 10.4.0.3 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.11.0.0 , ≤ 8.11.2.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.10.0.0 , ≤ 8.10.0.9 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 10.3.0.0 , < 10.4.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.9.0.0 , < 8.10.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.8.0.0 , < 8.9.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 8.6.0.0 , < 8.7.0.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks arubaos Affected: 6.5.4.0 , < 6.5.5.0 (custom)
        cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.7.0.0 , < 8.8.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    arubanetworks sd-wan Affected: 8.6.0.4 , < 8.7.0.0 (custom)
        cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Erik De Jong (bugcrowd.com/erikdejong)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.5.0.1",
                    "status": "affected",
                    "version": "10.5.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "10.4.0.3",
                    "status": "affected",
                    "version": "10.4.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.11.2.0",
                    "status": "affected",
                    "version": "8.11.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThanOrEqual": "8.10.0.9",
                    "status": "affected",
                    "version": "8.10.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "10.4.0.0",
                    "status": "affected",
                    "version": "10.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.10.0.0",
                    "status": "affected",
                    "version": "8.9.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.9.0.0",
                    "status": "affected",
                    "version": "8.8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "arubaos",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "6.5.5.0",
                    "status": "affected",
                    "version": "6.5.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.8.0.0",
                    "status": "affected",
                    "version": "8.7.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "sd-wan",
                "vendor": "arubanetworks",
                "versions": [
                  {
                    "lessThan": "8.7.0.0",
                    "status": "affected",
                    "version": "8.6.0.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-29T04:00:15.641283Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-20T19:17:58.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:25.382Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
                },
                {
                  "status": "affected",
                  "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Erik De Jong (bugcrowd.com/erikdejong)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
                }
              ],
              "value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T20:14:37.530Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-1356",
        "datePublished": "2024-03-05T20:14:37.530Z",
        "dateReserved": "2024-02-08T18:15:17.017Z",
        "dateUpdated": "2024-08-01T18:33:25.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }