Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for HPE Aruba Networking AirWave Management Platform by Hewlett Packard Enterprise (HPE)

    CVE-2024-54008 (GCVE-0-2024-54008)

    Vulnerability from nvd – Published: 2024-12-10 18:23 – Updated: 2024-12-11 14:04
    VLAI
    Title
    Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform
    Summary
    An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    hpe
    Impacted products
    Date Public
    2024-12-10 18:23
    Credits
    super2233 (bugcrowd)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54008",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-11T14:04:51.269936Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-11T14:04:56.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking AirWave Management Platform",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "8.3.0.3",
                  "status": "affected",
                  "version": "8.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "super2233 (bugcrowd)"
            }
          ],
          "datePublic": "2024-12-10T18:23:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.\u003cbr\u003e"
                }
              ],
              "value": "An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T18:23:19.858Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04765en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04765",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-54008",
        "datePublished": "2024-12-10T18:23:19.858Z",
        "dateReserved": "2024-11-26T21:55:16.390Z",
        "dateUpdated": "2024-12-11T14:04:56.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-54008 (GCVE-0-2024-54008)

    Vulnerability from cvelistv5 – Published: 2024-12-10 18:23 – Updated: 2024-12-11 14:04
    VLAI
    Title
    Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform
    Summary
    An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    hpe
    Impacted products
    Date Public
    2024-12-10 18:23
    Credits
    super2233 (bugcrowd)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54008",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-11T14:04:51.269936Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-11T14:04:56.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking AirWave Management Platform",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "8.3.0.3",
                  "status": "affected",
                  "version": "8.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "super2233 (bugcrowd)"
            }
          ],
          "datePublic": "2024-12-10T18:23:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.\u003cbr\u003e"
                }
              ],
              "value": "An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T18:23:19.858Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04765en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW04765",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2024-54008",
        "datePublished": "2024-12-10T18:23:19.858Z",
        "dateReserved": "2024-11-26T21:55:16.390Z",
        "dateUpdated": "2024-12-11T14:04:56.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }