CVE-2024-42507

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Sep 25, 2024
Updated: Sep 26, 2024
CWE ID: 77

Summary

CVE-2024-42507 describes command injection vulnerabilities in the CLI service associated with Aruba's Access Point management protocol (PAPI) over UDP port 8211, potentially allowing unauthenticated remote code execution. Affected products include various models identified by codes such as y5k4ua, y57tpn, and ys6oP-. The vulnerability carries a CVSS base score of 9.8, indicating high risks to confidentiality, integrity, and availability. Exploitation requires no user interaction, has low attack complexity, and can occur over the network. To remediate this issue, organizations are advised to apply the available patches or updates from HPE.
