CVE-2024-47460

Published Nov 5, 2024

Last updated 5 months ago

Overview

Description
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Source: security-alert@hpe.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9
Impact score: 6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-77

Social media

Hype score
Not currently trending
  1. For @HPE Aruba APs on Instant AOS-8 & AOS-10; CVE-2024-42509 and CVE-2024-47460 in the most recent security advisory are rated 9.8 and 9.0 respectively. 4 other CVEs in the same advisory with RCE and Unauthenticated Command Injection in the CLI via PAPI. https://t.co/MCIw2W7

    @Sujeet

    21 Nov 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. HPE has updated the Instant AOS-8 and AOS-10 software to fix the vulnerabilities CVE-2024-42509 and CVE-2024-47460, to prevent Remote Code Execution (RCE) attacks that can be reached via the PAPI protocol. We recommend that users of HPE APs update their version. If you are interested in Aruba, feel free to contact us. #comnet #aruba htt

    @Comnet_TH

    13 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. HPE has fixed multiple Critical vulnerabilities in Aruba wireless LAN access points. CVE-2024-42509 and CVE-2024-47460 are unauthenticated command injections in PAPI, the management CLI service running on UDP 8211. https://t.co/kRoE9t4NSJ

    @__kokumoto

    12 Nov 2024

    1932 Impressions

    9 Retweets

    25 Likes

    4 Bookmarks

    1 Reply

    1 Quote

  4. HPE warns of critical RCE flaws in Aruba Networking access points: https://t.co/Na8ANnNbeT Hewlett Packard Enterprise (HPE) issued updates for critical vulnerabilities in Aruba Networking Access Points, tracked as CVE-2024-42509 (9.8 severity) and CVE-2024-47460 (9.0 severity),…

    @securityRSS

    12 Nov 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Critical Command Injection Flaws found in Aruba Networking Access Points! Remote code execution is possible—CVE-2024-42509 & CVE-2024-47460 threaten your network’s security. Don't wait for an attack! https://t.co/JMgDy84Vky

    @isectech_

    11 Nov 2024

    62 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Critical Command Injection Flaws found in Aruba Networking Access Points! Remote code execution is possible—CVE-2024-42509 & CVE-2024-47460 threaten your network’s security. Don't wait for an attack! Read more: https://t.co/jF3vRnso6o 👉 Patch your devices NOW.

    @TheHackersNews

    11 Nov 2024

    10071 Impressions

    12 Retweets

    30 Likes

    3 Bookmarks

    0 Replies

    3 Quotes

  7. CVE-20224-5209 CVE-2024-47460 Unauthenticated RCE in Aruba Access Points Specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211), lead to privileged Remote Code Execution (RCE). https://t.co/3cPBc1XA81

    @router_bugs

    8 Nov 2024

    780 Impressions

    3 Retweets

    12 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  8. Security Bulletin: HPE Aruba Remote Code Execution Vulnerabilities - CVE-2024-47460 and CVE-2024-42509 are critical command injection vulnerabilities in the underlying CLI service of Aruba's Access Point management protocol (PAPI). #ThreatIntel #CTI https://t.co/a6d01tgdAn

    @RedLegg

    7 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-42509 and CVE-2024-47460 : CRITICAL Remote Code Execution vulnerabilities in HPE Aruba Access Points. #PatchNOW #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/UE2mIYuk2k

    @patchnow24x7

    6 Nov 2024

    39 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  10. CVE-2024-42509 and CVE-2024-47460 : CRITICAL Remote Code Execution vulnerabilities in HPE Aruba Access Points. #PatchNOW Technical Details and Analysis: https://t.co/wOUkk79Q5z #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach https

    @patchnow24x7

    6 Nov 2024

    243 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    2 Quotes

  11. [CVE-2024-47460: CRITICAL] Beware of a command injection vulnerability in Aruba's CLI service that allows unauthenticated remote code execution through specially crafted packets on UDP port 8211.#cybersecurity,#vulnerability https://t.co/sylgFEijrO https://t.co/ocTEj8AQ28

    @CveFindCom

    5 Nov 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes