VDB
CVE-2024-42396
CVE-2024-42396
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
EPSS 0.10% · 27.3th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.10%
27.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 | Version 8.12.0.0: 8.12.0.1 and below, Version 8.10.0.0: 8.10.0.12 and below |
| arubanetworks | instant | 8.10.0.0, 8.12.0.0 |
| hp | instantos | 8.10.0.0, 8.12.0.0 |
Exploit Intelligence
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US (circl)
- exploit_cve_2024_6387.yara (github-yara)
- exploit_cve_2024_6387.yara (github-yara)
- exploit_cve_2024_6387.yara (github-yara)
- exploit_cve_2024_6387.yara (github-yara)
- exploit_cve_2024_6387.yara (github-yara)
Timeline
- Jul 3, 2024 PoC Published
- Aug 6, 2024 CVE Published
- Aug 13, 2024 EPSS Score
- Sep 3, 2024 EPSS Score
- Sep 24, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 14, 2024 EPSS Score
- Nov 4, 2024 EPSS Score
- Nov 25, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Jan 7, 2025 EPSS Score
- Jan 28, 2025 EPSS Score
References
- https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04678.txt advisory
- https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbgn04674.txt advisory
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US url
- https://nvd.nist.gov/vuln/detail/CVE-2024-42396 advisory