CVE-2024-42505
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-42505 identifies a command injection vulnerability in Aruba's Access Point management protocol (PAPI) that could allow for unauthenticated remote code execution via specially crafted packets sent to UDP port 8211. Affected products include multiple models under identifiers such as y5k4ua, y57tpn, and ys6oP7, among others. The vulnerability poses a critical risk with an exploitability score of 9.8, as it can lead to arbitrary code execution on the operating system with high integrity and confidentiality impact, without any required user interaction or privileges. To mitigate this threat, organizations should apply recommended patches and monitor their network for suspicious activity targeting the affected services. Detailed remediation steps are available through HPE's support documentation linked in their security alert.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.