CVE-2024-42396
Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
*Credits:
zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-07-31 CVE Reserved
- 2024-08-06 CVE Published
- 2024-08-12 CVE Updated
- 2024-08-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Hewlett Packard Enterprise (HPE) Search vendor "Hewlett Packard Enterprise (HPE)" | HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10 Search vendor "Hewlett Packard Enterprise (HPE)" for product "HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10" | <= 8.12.0.1 Search vendor "Hewlett Packard Enterprise (HPE)" for product "HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10" and version " <= 8.12.0.1" | en |
Affected
| ||||||
Hewlett Packard Enterprise (HPE) Search vendor "Hewlett Packard Enterprise (HPE)" | HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10 Search vendor "Hewlett Packard Enterprise (HPE)" for product "HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10" | <= 8.10.0.12 Search vendor "Hewlett Packard Enterprise (HPE)" for product "HPE Aruba Networking InstantOS And Aruba Access Points Running ArubaOS 10" and version " <= 8.10.0.12" | en |
Affected
|