Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0408
Vulnerability from certfr_avis - Published: 2024-05-15 - Updated: 2024-05-15
De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance, une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Points d'accès Aruba avec ArubaOS versions 10.4.x.x antérieures à 10.4.1.1
- Points d'accès Aruba avec ArubaOS versions 10.5.x.x antérieures à 10.5.1.1
- Points d'accès Aruba avec InstantOS versions 8.10.x.x antérieures à 8.10.0.11
- Points d'accès Aruba avec InstantOS versions 8.11.x.x antérieures à 8.11.2.2
- Points d'accès Aruba avec InstantOS versions 8.6.x.x antérieures à 8.6.0.24
Les points d'accès Aruba avec les versions logicielles suivantes ne bénéficieront pas de correctifs de sécurité : ArubaOS versions 10.3.x.x, InstantOS versions 8.9.x.x, 8.8.x.x, 8.7.x.x, 8.5.x.x, 8.4.x.x, 6.5.x.x et 6.4.x.x.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003ePoints d\u0027acc\u00e8s Aruba avec ArubaOS versions 10.4.x.x ant\u00e9rieures \u00e0 10.4.1.1\u003c/li\u003e \u003cli\u003ePoints d\u0027acc\u00e8s Aruba avec ArubaOS versions 10.5.x.x ant\u00e9rieures \u00e0 10.5.1.1\u003c/li\u003e \u003cli\u003ePoints d\u0027acc\u00e8s Aruba avec InstantOS versions 8.10.x.x ant\u00e9rieures \u00e0 8.10.0.11\u003c/li\u003e \u003cli\u003ePoints d\u0027acc\u00e8s Aruba avec InstantOS versions 8.11.x.x ant\u00e9rieures \u00e0 8.11.2.2\u003c/li\u003e \u003cli\u003ePoints d\u0027acc\u00e8s Aruba avec InstantOS versions 8.6.x.x ant\u00e9rieures \u00e0 8.6.0.24\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes points d\u0027acc\u00e8s Aruba avec les versions logicielles suivantes ne b\u00e9n\u00e9ficieront pas de correctifs de s\u00e9curit\u00e9 : ArubaOS versions 10.3.x.x, InstantOS versions 8.9.x.x, 8.8.x.x, 8.7.x.x, 8.5.x.x, 8.4.x.x, 6.5.x.x et 6.4.x.x.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-31478",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31478"
},
{
"name": "CVE-2024-31481",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31481"
},
{
"name": "CVE-2024-31466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31466"
},
{
"name": "CVE-2024-31479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31479"
},
{
"name": "CVE-2024-31482",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31482"
},
{
"name": "CVE-2024-31468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31468"
},
{
"name": "CVE-2024-31474",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31474"
},
{
"name": "CVE-2024-31467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31467"
},
{
"name": "CVE-2024-31480",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31480"
},
{
"name": "CVE-2024-31469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31469"
},
{
"name": "CVE-2024-31470",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31470"
},
{
"name": "CVE-2024-31472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31472"
},
{
"name": "CVE-2024-31475",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31475"
},
{
"name": "CVE-2024-31471",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31471"
},
{
"name": "CVE-2024-31483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31483"
},
{
"name": "CVE-2024-31473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31473"
},
{
"name": "CVE-2024-31477",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31477"
},
{
"name": "CVE-2024-31476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31476"
}
],
"initial_release_date": "2024-05-15T00:00:00",
"last_revision_date": "2024-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0408",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits HPE\nAruba Networking. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits HPE Aruba Networking",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking ARUBA-PSA-2024-006 du 14 mai 2024",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
]
}
CVE-2024-31476 (GCVE-0-2024-31476)
Vulnerability from cvelistv5 – Published: 2024-05-14 22:31 – Updated: 2025-06-24 15:14
VLAI
EPSS
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(semver)
Affected: 10.4.0.0 , ≤ 10.4.1.0 (semver) Affected: 8.11.0.0 , ≤ 8.11.2.1 (semver) Affected: 8.10.0.0 , ≤ 8.10.0.10 (semver) Affected: 8.6.0.0 , ≤ 8.6.0.23 (semver) |
|
| arubanetworks | arubaos |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.4.0.0 , ≤ 10.4.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.10.0.0 , ≤ 8.10.0.10
(custom)
cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.11.0.0 , ≤ 8.11.2.1
(custom)
cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.6.0.0 , ≤ 8.6.0.23
(custom)
cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.3.0.0 , < 10.4.0.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.9.0.0 , < 8.10.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.8.0.0 , < 8.9.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.5.0.0 , < 8.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.7.0.0 , < 8.8.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.4.0.0 , < 8.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.5.0.0 , < 6.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.4.0.0 , < 6.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:* |
Credits
Chancen
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:34.232578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:58:41.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:14:48.403Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31476",
"datePublished": "2024-05-14T22:31:22.072Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T15:14:48.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31477 (GCVE-0-2024-31477)
Vulnerability from cvelistv5 – Published: 2024-05-14 22:32 – Updated: 2025-06-24 15:15
VLAI
EPSS
Summary
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(semver)
Affected: 10.4.0.0 , ≤ 10.4.1.0 (semver) Affected: 8.11.0.0 , ≤ 8.11.2.1 (semver) Affected: 8.10.0.0 , ≤ 8.10.0.10 (semver) Affected: 8.6.0.0 , ≤ 8.6.0.23 (semver) |
|
| arubanetworks | arubaos |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.4.0.0 , ≤ 10.4.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.10.0.0 , ≤ 8.10.0.10
(custom)
cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.11.0.0 , ≤ 8.11.2.1
(custom)
cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.6.0.0 , ≤ 8.6.0.23
(custom)
cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.3.0.0 , < 10.4.0.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.9.0.0 , < 8.10.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.8.0.0 , < 8.9.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.5.0.0 , < 8.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.7.0.0 , < 8.8.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.4.0.0 , < 8.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.5.0.0 , < 6.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.4.0.0 , < 6.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:* |
Credits
Erik De Jong (bugcrowd.com/erikdejong)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T04:00:34.951992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:59:03.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:15:50.694Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31477",
"datePublished": "2024-05-14T22:32:06.557Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T15:15:50.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31478 (GCVE-0-2024-31478)
Vulnerability from cvelistv5 – Published: 2024-05-14 22:32 – Updated: 2025-06-24 15:01
VLAI
EPSS
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(semver)
Affected: 10.4.0.0 , ≤ 10.4.1.0 (semver) Affected: 8.11.0.0 , ≤ 8.11.2.1 (semver) Affected: 8.10.0.0 , ≤ 8.10.0.10 (semver) Affected: 8.6.0.0 , ≤ 8.6.0.23 (semver) |
|
| arubanetworks | arubaos |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.4.0.0 , ≤ 10.4.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.10.0.0 , ≤ 8.10.0.10
(custom)
cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.11.0.0 , ≤ 8.11.2.1
(custom)
cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.6.0.0 , ≤ 8.6.0.23
(custom)
cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.3.0.0 , < 10.4.0.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.9.0.0 , < 8.10.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.8.0.0 , < 8.9.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.5.0.0 , < 8.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.7.0.0 , < 8.8.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.4.0.0 , < 8.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.5.0.0 , < 6.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.4.0.0 , < 6.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:* |
Credits
Chancen
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:41:22.094004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:00:19.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:01:43.100Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31478",
"datePublished": "2024-05-14T22:32:51.129Z",
"dateReserved": "2024-04-03T21:21:22.897Z",
"dateUpdated": "2025-06-24T15:01:43.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31479 (GCVE-0-2024-31479)
Vulnerability from cvelistv5 – Published: 2024-05-14 22:33 – Updated: 2025-06-24 15:17
VLAI
EPSS
Summary
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(semver)
Affected: 10.4.0.0 , ≤ 10.4.1.0 (semver) Affected: 8.11.0.0 , ≤ 8.11.2.1 (semver) Affected: 8.10.0.0 , ≤ 8.10.0.10 (semver) Affected: 8.6.0.0 , ≤ 8.6.0.23 (semver) |
|
| arubanetworks | arubaos |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.4.0.0 , ≤ 10.4.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.10.0.0 , ≤ 8.10.0.10
(custom)
cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.11.0.0 , ≤ 8.11.2.1
(custom)
cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.6.0.0 , ≤ 8.6.0.23
(custom)
cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.3.0.0 , < 10.4.0.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.9.0.0 , < 8.10.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.8.0.0 , < 8.9.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.5.0.0 , < 8.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.7.0.0 , < 8.8.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.4.0.0 , < 8.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.5.0.0 , < 6.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.4.0.0 , < 6.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:* |
Credits
Chancen
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:25:35.184663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:00:39.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:17:14.638Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31479",
"datePublished": "2024-05-14T22:33:38.302Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:17:14.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31480 (GCVE-0-2024-31480)
Vulnerability from cvelistv5 – Published: 2024-05-14 22:34 – Updated: 2025-06-24 15:19
VLAI
EPSS
Summary
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(semver)
Affected: 10.4.0.0 , ≤ 10.4.1.0 (semver) Affected: 8.11.0.0 , ≤ 8.11.2.1 (semver) Affected: 8.10.0.0 , ≤ 8.10.0.10 (semver) Affected: 8.6.0.0 , ≤ 8.6.0.23 (semver) |
|
| arubanetworks | arubaos |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.4.0.0 , ≤ 10.4.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.10.0.0 , ≤ 8.10.0.10
(custom)
cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.11.0.0 , ≤ 8.11.2.1
(custom)
cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.6.0.0 , ≤ 8.6.0.23
(custom)
cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.3.0.0 , < 10.4.0.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.9.0.0 , < 8.10.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.8.0.0 , < 8.9.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.5.0.0 , < 8.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.7.0.0 , < 8.8.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.4.0.0 , < 8.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.5.0.0 , < 6.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.4.0.0 , < 6.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:* |
Credits
Chancen
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:42:01.200373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:01:00.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:19:49.638Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31480",
"datePublished": "2024-05-14T22:34:42.949Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:19:49.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31481 (GCVE-0-2024-31481)
Vulnerability from cvelistv5 – Published: 2024-05-14 22:35 – Updated: 2025-06-24 15:21
VLAI
EPSS
Summary
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(semver)
Affected: 10.4.0.0 , ≤ 10.4.1.0 (semver) Affected: 8.11.0.0 , ≤ 8.11.2.1 (semver) Affected: 8.10.0.0 , ≤ 8.10.0.10 (semver) Affected: 8.6.0.0 , ≤ 8.6.0.23 (semver) |
|
| arubanetworks | arubaos |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.4.0.0 , ≤ 10.4.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.10.0.0 , ≤ 8.10.0.10
(custom)
cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.11.0.0 , ≤ 8.11.2.1
(custom)
cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.6.0.0 , ≤ 8.6.0.23
(custom)
cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.3.0.0 , < 10.4.0.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.9.0.0 , < 8.10.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.8.0.0 , < 8.9.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.5.0.0 , < 8.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.7.0.0 , < 8.8.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.4.0.0 , < 8.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.5.0.0 , < 6.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.4.0.0 , < 6.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:* |
Credits
Chancen
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:42:47.657209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:01:20.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.\u003c/p\u003e"
}
],
"value": "Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:21:48.806Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31481",
"datePublished": "2024-05-14T22:35:29.359Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:21:48.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31482 (GCVE-0-2024-31482)
Vulnerability from cvelistv5 – Published: 2024-05-14 22:36 – Updated: 2025-06-24 15:22
VLAI
EPSS
Summary
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(semver)
Affected: 10.4.0.0 , ≤ 10.4.1.0 (semver) Affected: 8.11.0.0 , ≤ 8.11.2.1 (semver) Affected: 8.10.0.0 , ≤ 8.10.0.10 (semver) Affected: 8.6.0.0 , ≤ 8.6.0.23 (semver) |
|
| arubanetworks | arubaos |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.4.0.0 , ≤ 10.4.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.10.0.0 , ≤ 8.10.0.10
(custom)
cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.11.0.0 , ≤ 8.11.2.1
(custom)
cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.6.0.0 , ≤ 8.6.0.23
(custom)
cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.3.0.0 , < 10.4.0.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.9.0.0 , < 8.10.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.8.0.0 , < 8.9.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.5.0.0 , < 8.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.7.0.0 , < 8.8.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.4.0.0 , < 8.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.5.0.0 , < 6.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.4.0.0 , < 6.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:* |
Credits
Chancen
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:43:20.652798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:01:42.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.\u003c/p\u003e"
}
],
"value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:22:57.371Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31482",
"datePublished": "2024-05-14T22:36:10.770Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:22:57.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31483 (GCVE-0-2024-31483)
Vulnerability from cvelistv5 – Published: 2024-05-14 22:37 – Updated: 2025-06-24 15:23
VLAI
EPSS
Summary
An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-8 Instant and AOS-10 AP |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(semver)
Affected: 10.4.0.0 , ≤ 10.4.1.0 (semver) Affected: 8.11.0.0 , ≤ 8.11.2.1 (semver) Affected: 8.10.0.0 , ≤ 8.10.0.10 (semver) Affected: 8.6.0.0 , ≤ 8.6.0.23 (semver) |
|
| arubanetworks | arubaos |
Affected:
10.5.0.0 , ≤ 10.5.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.4.0.0 , ≤ 10.4.1.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.10.0.0 , ≤ 8.10.0.10
(custom)
cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.11.0.0 , ≤ 8.11.2.1
(custom)
cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.6.0.0 , ≤ 8.6.0.23
(custom)
cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | arubaos |
Affected:
10.3.0.0 , < 10.4.0.0
(custom)
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.9.0.0 , < 8.10.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.8.0.0 , < 8.9.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.5.0.0 , < 8.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.7.0.0 , < 8.8.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
8.4.0.0 , < 8.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.5.0.0 , < 6.6.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:* |
|
| arubanetworks | instant |
Affected:
6.4.0.0 , < 6.5.0.0
(custom)
cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:* |
Credits
Chancen
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.5.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:43:52.164471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T15:12:51.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:57.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AOS-8 Instant and AOS-10 AP",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.5.1.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.1.0",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.2.1",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0.10",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0.23",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chancen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\u003c/p\u003e"
}
],
"value": "An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:23:49.047Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04647",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-31483",
"datePublished": "2024-05-14T22:37:06.652Z",
"dateReserved": "2024-04-03T21:21:22.898Z",
"dateUpdated": "2025-06-24T15:23:49.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…