HPE Aruba Networking Product Security Advisory - HPESBNW04722 - 05-Nov-2024

Created on 2024-11-06 16:21 and updated on 2024-11-06 16:23.

Description

HPE Aruba Networking has released software patches for Access Points running Instant AOS-8 and AOS-10 that address multiple security vulnerabilities.

Reference - https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04722.txt

Vulnerabilities included in this bundle

CVE-2024-47462: Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
CVE-2024-47460: Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
CVE-2024-42509:
CVE-2024-47464:
CVE-2024-47461:
CVE-2024-47463:

Author

Alexandre Dulaunoy

Combined sightings

Author	Vulnerability	Source	Type	Date
automation	CVE-2024-47460	https://infosec.exchange/users/jbhall56/statuses/113447523738206151	seen	4 months ago
automation	CVE-2024-47460	https://infosec.exchange/users/patchnow24x7/statuses/113434504003363674	seen	4 months ago
automation	CVE-2024-47460	https://infosec.exchange/users/cve/statuses/113432788302548189	seen	4 months ago
automation	CVE-2024-42509	https://infosec.exchange/users/jbhall56/statuses/113447523738206151	seen	4 months ago
automation	CVE-2024-42509	https://infosec.exchange/users/vuldb/statuses/113437136279202270	seen	4 months ago
automation	CVE-2024-42509	https://infosec.exchange/users/patchnow24x7/statuses/113434504003363674	seen	4 months ago
automation	CVE-2024-42509	https://infosec.exchange/users/cve/statuses/113432758545807702	seen	4 months ago
automation	CVE-2024-47461	https://infosec.exchange/users/cve/statuses/113432818029718949	seen	4 months ago