CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24457
https://notcve.org/view.php?id=CVE-2024-24457
15 Nov 2024 — An invalid memory access when handling the ProtocolIE_ID field of E-RAB Setup List Context SURes messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. An invalid memory access when handling the ProtocolIE_ID field of E-RAB Setup List Context SURes messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating... • http://athonet.com • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24458
https://notcve.org/view.php?id=CVE-2024-24458
15 Nov 2024 — An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repea... • http://athonet.com • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24459
https://notcve.org/view.php?id=CVE-2024-24459
15 Nov 2024 — An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a cra... • http://athonet.com • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47464 – Authenticated Path Traversal Vulnerability Leads to a Remote Unauthorized Access to Files
https://notcve.org/view.php?id=CVE-2024-47464
05 Nov 2024 — An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operating system, which could lead to a remote unauthorized access to files. Existe una vulnerabilidad de Path Traversal autenticado en Instant AOS-8 y AOS-10. La explotación exitosa de esta vulnerabilidad permite a un atacante copiar archivos arbitrarios a una u... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47463 – Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-47463
05 Nov 2024 — An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. Existe una vulnerabilidad de creación de archivos arbitrarios en la interfaz de línea de comandos de Instant AOS-8 y AOS-10. La explotación exitosa de esta vulnerabilidad podría permitir que un atacant... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47462 – Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-47462
05 Nov 2024 — An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. Existe una vulnerabilidad de creación de archivos arbitrarios en la interfaz de línea de comandos de Instant AOS-8 y AOS-10. La explotación exitosa de esta vulnerabilidad podría permitir que un atacant... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47461 – Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10
https://notcve.org/view.php?id=CVE-2024-47461
05 Nov 2024 — An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. Existe una vulnerabilidad de inyección de comandos autenticados en la interfaz de línea de comandos de Instant AOS-8 y AOS-10. Una explotación exitosa de esta v... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47460 – Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-47460
05 Nov 2024 — Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. La vulnerabilidad de inyección de comandos en el servicio CLI subyacente podría provocar la ejecución remota de código no autent... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42509 – Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42509
05 Nov 2024 — Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. La vulnerabilidad de inyección de comandos en el servicio CLI subyacente podría provocar la ejecución remota de código no autent... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42508
https://notcve.org/view.php?id=CVE-2024-42508
18 Oct 2024 — This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04721en_us&docLocale=en_US • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •