Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-42395

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Published

2024-08-06T19:15:57.017

Last Modified

2024-08-12T18:23:57.077

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-787
Type: Secondary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	arubanetworks	arubaos	< 10.4.1.4	Yes
Operating System	arubanetworks	arubaos	< 10.6.0.1	Yes
Operating System	hp	instantos	< 8.10.0.13	Yes
Operating System	hp	instantos	< 8.12.0.2	Yes

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US Vendor Advisory ([email protected])