HP Instantos

Unauth DoS in Soft AP Daemon via PAPI Prevents AP Functionality
CVE-2024-42400 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Soft AP daemon PAPI DoS: Unauthenticated exploitation
CVE-2024-42399 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Unauthenticated DoS via Soft AP PAPI Exploit
CVE-2024-42398 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

CVE-2024-42395: AP Cert Mgmt Service Unauth RCE
CVE-2024-42395 9.8 - Critical - August 06, 2024

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Memory Corruption

Unauth RCE via Soft AP Daemon Service
CVE-2024-42394 9.8 - Critical - August 06, 2024

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Memory Corruption

Unauthenticated RCE in Soft AP Daemon Service (CVE-2024-42393)
CVE-2024-42393 9.8 - Critical - August 06, 2024

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Memory Corruption

Cisco AP Certificate Management Daemon DoS via PAPI
CVE-2024-42397 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Unauthenticated DoS in AP Cert Mgmt Daemon via PAPI
CVE-2024-42396 5.3 - Medium - August 06, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Aruba AP CLI Arbitrary File Deletion via PAPI
CVE-2024-31474 8.2 - High - May 14, 2024

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point

ArubaAP CLI Buffer Overflow Enables Unauth RCE via PAPI UDP
CVE-2024-31467 9.8 - Critical - May 14, 2024

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

BF in Aruba Central Comm svc -> unauth RCE via PAPI UDP 8211
CVE-2024-31468 9.8 - Critical - May 14, 2024

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Buffer Overflow in Aruba Central Comm Service (PAPI) UDP 8211 -> RCE
CVE-2024-31469 9.8 - Critical - May 14, 2024

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Aruba AP SAE Buffer Overflow Enables RCE via PAPI UDP
CVE-2024-31470 9.8 - Critical - May 14, 2024

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVE-2024-31471 Aruba Central Comm PAPI UDP Command Injection
CVE-2024-31471 9.8 - Critical - May 14, 2024

There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Aruba Soft AP Daemon: UDP 8211 CoI Exploits PAPI (CVE-2024-31472)
CVE-2024-31472 9.8 - Critical - May 14, 2024

There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVE-2024-31483: Authenticated Info Leak via CLI PAPI Service allowing OS file read
CVE-2024-31483 6.5 - Medium - May 14, 2024

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.

Unauthenticated DoS via ANSI Escape in PAPI Service
CVE-2024-31482 7.5 - High - May 14, 2024

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.

Unauthenticated DoS via PAPI CLI Service
CVE-2024-31481 7.5 - High - May 14, 2024

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.

Unauthenticated CLI DoS via PAPI Protocol
CVE-2024-31480 7.5 - High - May 14, 2024

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.

Unauthenticated DoS in Central Communications Service via PAPI
CVE-2024-31479 7.5 - High - May 14, 2024

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.

Soft AP Daemon Unauthenticated DoS via PAPI
CVE-2024-31478 7.5 - High - May 14, 2024

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point.

Unknown Authenticated CLI Command Injection Enabling Privileged OS Cmd Exec
CVE-2024-31477 8.8 - High - May 14, 2024

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Authenticated CLI Command Injection Resulting in Privileged OS Code Execution
CVE-2024-31476 8.8 - High - May 14, 2024

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Aruba Central Comms: Arbitrary File Delete via PAPI
CVE-2024-31475 8.2 - High - May 14, 2024

There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.

Command injection in Aruba Access Point PAPI UDP 8211 enabling RCE
CVE-2024-31473 9.8 - Critical - May 14, 2024

There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Aruba AP PAPI Buffer Overflow RCE
CVE-2024-31466 9.8 - Critical - May 14, 2024

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Unauthenticated CLI DoS via PAPI on Access Point
CVE-2023-45621 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Unauthenticated DoS via PAPI CLI on Cisco Access Points
CVE-2023-45620 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Unauthenticated DoS in BLE Daemon via PAPI on Access Point
CVE-2023-45622 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Unauthenticated DoS via Wi-Fi Uplink PAPI on Cisco Wireless Controller
CVE-2023-45623 7.5 - High - November 14, 2023

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Unauthenticated DoS in Soft AP Daemon via PAPI Protocol
CVE-2023-45624 7.5 - High - November 14, 2023

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

Buffer Overflow in Aruba AirWave Client allows UAC RCE via PAPI UDP
CVE-2023-45616 9.8 - Critical - November 14, 2023

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Aruba AP CLI service permits arbitrary file deletion via PAPI
CVE-2023-45617 8.2 - High - November 14, 2023

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

Aruba AirWave PAPI Client: Arbitrary File Delete via PAPI
CVE-2023-45618 8.2 - High - November 14, 2023

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

Aruba AP RSSI Service via PAPI Enables Arbitrary File Deletion
CVE-2023-45619 8.2 - High - November 14, 2023

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.

Aruba PAPI CLI Buffer Overflow Unauth RCE (CVE-2023-45614)
CVE-2023-45614 9.8 - Critical - November 14, 2023

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

CVE-2023-45615: Unauth RCE via PAPI UDP 8211 on Aruba APs
CVE-2023-45615 9.8 - Critical - November 14, 2023

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Auth CLI Cmd Injection Privileged OS Exec
CVE-2023-45625 7.2 - High - November 14, 2023

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Command Injection

Authenticated Persistent Privileged Code Execution Across Reboot
CVE-2023-45626 7.2 - High - November 14, 2023

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.

Authenticated CLI DoS in WiFi Access Point
CVE-2023-45627 6.5 - Medium - November 14, 2023

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

Aruba PAPI UDP RCE via buffer overflow (CVE-2023-35981)
CVE-2023-35981 9.8 - Critical - July 25, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Aruba AP PAPI UDP Buffer Overflow enabling privileged RCE
CVE-2023-35982 9.8 - Critical - July 25, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Aruba PAPI UDP Buffer Overflow Remote Code Exec
CVE-2023-35980 9.8 - Critical - July 25, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Unauthenticated PAPI DoS on Aruba InstantOS/ArubaOS 10
CVE-2023-22787 7.5 - High - May 08, 2023

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

Aruba PAPI UDP Buffer Overflow RCE (CVE-2023-22784)
CVE-2023-22784 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Aruba AP PAPI UDP 8211 Buffer Overflow Enables RCE
CVE-2023-22785 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Aruba PAPI UDP Buffer Overflow RCE
CVE-2023-22786 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Aruba AP PAPI UDP BOF RCE
CVE-2023-22779 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

ArubaOS PAPI UDP Buffer Overflow Unauth RCE
CVE-2023-22780 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow

Aruba PAPI buffer overflow enables unauthenticated RCE
CVE-2023-22781 9.8 - Critical - May 08, 2023

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Classic Buffer Overflow