CVE-2024-42503

Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI)

CVSS 7.2 HIGHEPSS 1.5%CWE-78

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.2EPSS 1.5%KEV nãoPoC —Patch —

Lifecycle

Sep 17, 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Hewlett Packard Enterprise (HPE) · Aruba OS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US