Critical Vulnerabilities in HPE Aruba Networking Access Points (CVE-2024-42393, CVE-2024-42394, CVE-2024-42395)

Published On: Mar 21, 2025 14:50

Advisory No: TZCERT-SA-25-0074

Source: HP

Software Affected: HPE Aruba Networking Access Points

Overview

Three critical vulnerabilities affect HPE Aruba Networking Access Points. Exploitation of these vulnerabilities may allow an attacker to execute code remotely.

Description

HPE Aruba Networking Access Points are affected by vulnerabilities tracked as CVE-2024-42393, CVE-2024-42394, and CVE-2024-42395, each with a CVSS score of 9.8. The vulnerabilities result from an unauthenticated stack-based buffer overflow in the Soft AP Daemon Service and an unauthenticated stack-based buffer overflow in the AP Certificate Management Service accessed by the PAPI protocol. They allow attackers to execute arbitrary commands on the underlying operating system, leading to complete system compromise.

Impact

Successful exploitation of these vulnerabilities may allow attackers to take control of the affected system.

Solution

HP has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
