
Description

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined for the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

PUBLISHED Reserved 2024-04-03 | Published 2024-05-14 | Updated 2025-06-24 | Assigner hpe




CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

10.5.0.0 (semver)
affected

10.4.0.0 (semver)
affected

8.11.0.0 (semver)
affected

8.10.0.0 (semver)
affected

8.6.0.0 (semver)
affected

Credits

Erik De Jong (bugcrowd.com/erikdejong) reporter

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

support.hpe.com/...y?docId=hpesbnw04647en_us&docLocale=en_US

cve.org (CVE-2024-31467)

nvd.nist.gov (CVE-2024-31467)
