CVE-2024-42502

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Sep 17, 2024
Updated: Sep 20, 2024
CWE ID 78

Summary

CVE-2024-42502 is an authenticated command injection vulnerability found in the command line interface of ArubaOS, affecting numerous products such as ys6oQA, ys5AQD, and ys6oP9. Successful exploitation allows attackers to inject shell commands into the underlying operating system, posing a high risk to confidentiality, integrity, and availability. The vulnerability requires high privileges to exploit but can be executed without user interaction over a network. Remediation measures include applying security patches as outlined in the official HPE support documentation. Organizations are urged to address this vulnerability promptly due to its potential for significant security breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share