Home

Description

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.

PUBLISHED Reserved 2024-09-24 | Published 2024-11-05 | Updated 2024-11-09 | Assigner hpe




HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
affected

AOS-10.4.x.x: 10.4.1.4 and below (semver)
affected

Instant AOS-8.12.x.x: 8.12.0.2 and below (semver)
affected

Instant AOS-8.10.x.x: 8.10.0.13 and below (semver)
affected

Credits

zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/) reporter

References

support.hpe.com/...y?docId=hpesbnw04722en_us&docLocale=en_US

cve.org (CVE-2024-47463)

nvd.nist.gov (CVE-2024-47463)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.