CVE-2024-42501
Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.
*Credits:
erikdejong
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-08-02 CVE Reserved
- 2024-09-17 CVE Published
- 2024-09-18 CVE Updated
- 2024-09-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hewlett Packard Enterprise (HPE) Search vendor "Hewlett Packard Enterprise (HPE)" | Aruba OS Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" | <= 10.6.0.2 Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" and version " <= 10.6.0.2" | en |
Affected
| ||||||
| Hewlett Packard Enterprise (HPE) Search vendor "Hewlett Packard Enterprise (HPE)" | Aruba OS Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" | <= 8.10.0.13 Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" and version " <= 8.10.0.13" | en |
Affected
| ||||||
| Hewlett Packard Enterprise (HPE) Search vendor "Hewlett Packard Enterprise (HPE)" | Aruba OS Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" | <= 10.6.0.0 Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" and version " <= 10.6.0.0" | en |
Affected
| ||||||
| Hewlett Packard Enterprise (HPE) Search vendor "Hewlett Packard Enterprise (HPE)" | Aruba OS Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" | <= 10.4.0.0 Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" and version " <= 10.4.0.0" | en |
Affected
| ||||||
| Hewlett Packard Enterprise (HPE) Search vendor "Hewlett Packard Enterprise (HPE)" | Aruba OS Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" | <= 8.12.0.0 Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" and version " <= 8.12.0.0" | en |
Affected
| ||||||
| Hewlett Packard Enterprise (HPE) Search vendor "Hewlett Packard Enterprise (HPE)" | Aruba OS Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" | <= 8.12.0.1 Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" and version " <= 8.12.0.1" | en |
Affected
| ||||||
| Hewlett Packard Enterprise (HPE) Search vendor "Hewlett Packard Enterprise (HPE)" | Aruba OS Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" | <= 8.9.0.0 Search vendor "Hewlett Packard Enterprise (HPE)" for product "Aruba OS" and version " <= 8.9.0.0" | en |
Affected
| ||||||