VDB

CISA-2024-42394

CISA-2024-42394 PUBLISHED CVSS 9.8 CRITICAL

Reported by hpe · Published August 6, 2024

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Hewlett Packard Enterprise (HPE)HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10Version 8.12.0.0: 8.12.0.1 and below, Version 8.10.0.0: 8.10.0.12 and below
Hewlett Packard Enterprise (HPE)HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10Version 8.10.0.0: 8.10.0.12 and below, Version 8.12.0.0: 8.12.0.1 and below, Version 8.10.0.0: 8.10.0.12 and below
hpearuba_networking_instantos0, 0, 0
hpearubaos0, 0, 0

Timeline

  • Aug 6, 2024 CVE Published
  • Aug 6, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›