CVE-2024-42394 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-42394 PUBLISHED CVSS 9.800000190734863 CRITICAL

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

EPSS 0.31% · 53.9th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.31%

53.9th percentile

Affected Products

Vendor	Product	Versions
Hewlett Packard Enterprise (HPE)	HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10	Version 8.12.0.0: 8.12.0.1 and below, Version 8.10.0.0: 8.10.0.12 and below
hp	instantos	8.12.0.0, 6.4.0.0
arubanetworks	arubaos	10.3.0.0, 10.5.0.0
hpe	arubaos	0, 0
hpe	aruba_networking_instantos	0, 0

Timeline

Jul 3, 2024 PoC Published
Aug 6, 2024 CVE Published
Aug 7, 2024 CVE Updated
Aug 13, 2024 EPSS Score
Sep 2, 2024 EPSS Score
Sep 23, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 13, 2024 EPSS Score
Nov 2, 2024 EPSS Score
Nov 22, 2024 EPSS Score
Dec 14, 2024 EPSS Score
Jan 3, 2025 EPSS Score

References

Open in Interactive Console →