Critical RCE Vulnerabilities in HPE Aruba Devices (may 2024)
CVE-2024-26304-RCE-exploits Critical RCE Vulnerabilities in HPE Aruba Devices (may 2024)
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
HPE Aruba Networking fixes four critical RCE flaws in ArubaOS By Bill Toulas May 1, 2024 06:31 PM 0 HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. The advisory lists ten vulnerabilities, four of which are critical-severity (CVSS v3.1: 9.8) unauthenticated buffer overflow problems that can lead to remote code execution (RCE). Products i...