CVE-2024-42396 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-42396 PUBLISHED CVSS 5.300000190734863 MEDIUM

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

EPSS 0.10% · 27.7th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.10%

27.7th percentile

Affected Products

Vendor	Product	Versions
Hewlett Packard Enterprise (HPE)	HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10	Version 8.12.0.0: 8.12.0.1 and below, Version 8.10.0.0: 8.10.0.12 and below
arubanetworks	instant	8.10.0.0, 8.12.0.0
hp	instantos	8.10.0.0, 8.12.0.0

Timeline

Jul 3, 2024 PoC Published
Aug 6, 2024 CVE Published
Aug 13, 2024 EPSS Score
Sep 2, 2024 EPSS Score
Sep 23, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 13, 2024 EPSS Score
Nov 2, 2024 EPSS Score
Nov 22, 2024 EPSS Score
Dec 14, 2024 EPSS Score
Jan 3, 2025 EPSS Score
Jan 23, 2025 EPSS Score

References

Open in Interactive Console →