CVE-2024-42509
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 5, 2024
Updated: Nov 6, 2024
CWE ID 77
Summary
CVE-2024-42509 is a command injection vulnerability that affects the underlying CLI service in certain Aruba access points. Maliciously crafted packets, when sent to the PAPI (Aruba's Access Point management protocol) UDP port (8211), can trigger this vulnerability. Successful exploitation of this issue allows an unauthenticated attacker to execute arbitrary code with privileged user access on the underlying operating system. This poses a significant risk for potential data theft or system compromise.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share