VDB
CISA-2024-42394
CISA-2024-42394
PUBLISHED
CVSS 9.8 CRITICAL
Reported by hpe · Published August 6, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 | Version 8.12.0.0: 8.12.0.1 and below, Version 8.10.0.0: 8.10.0.12 and below |
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 | Version 8.10.0.0: 8.10.0.12 and below, Version 8.12.0.0: 8.12.0.1 and below, Version 8.10.0.0: 8.10.0.12 and below |
| hpe | aruba_networking_instantos | 0, 0, 0 |
| hpe | arubaos | 0, 0, 0 |
Timeline
- Aug 6, 2024 CVE Published
- Aug 6, 2024 CVE Updated