// For flags

CVE-2024-42396

Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

*Credits: zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-07-31 CVE Reserved
  • 2024-08-06 CVE Published
  • 2024-08-12 CVE Updated
  • 2024-08-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hewlett Packard Enterprise (HPE)
Search vendor "Hewlett Packard Enterprise (HPE)"
HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10
Search vendor "Hewlett Packard Enterprise (HPE)" for product "HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10"
<= 8.12.0.1
Search vendor "Hewlett Packard Enterprise (HPE)" for product "HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10" and version " <= 8.12.0.1"
en
Affected
Hewlett Packard Enterprise (HPE)
Search vendor "Hewlett Packard Enterprise (HPE)"
HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10
Search vendor "Hewlett Packard Enterprise (HPE)" for product "HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10"
<= 8.10.0.12
Search vendor "Hewlett Packard Enterprise (HPE)" for product "HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10" and version " <= 8.10.0.12"
en
Affected