← back
CVE-2024-31470

CVE-2024-31470

CVSS 9.8 CRITICALEPSS 1.2%CWE-121
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Hewlett Packard Enterprise (HPE) · AOS-8 Instant and AOS-10 AP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_UShttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt