CVE-2024-42394
EUVD-2024-3959806.08.2024, 19:15
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| arubanetworks | arubaos | 10.3.0.0 ≤ 𝑥 < 10.4.1.4 |
| arubanetworks | arubaos | 10.5.0.0 ≤ 𝑥 < 10.6.0.1 |
| hp | instantos | 6.4.0.0 ≤ 𝑥 < 8.10.0.13 |
| hp | instantos | 8.12.0.0 ≤ 𝑥 < 8.12.0.2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| hpe | aruba_networking_instantos | 𝑥 ≤ 8.12.0.1 | ADP |
| hpe | aruba_networking_instantos | 𝑥 ≤ 8.10.0.12 | ADP |
| hpe | arubaos | 𝑥 ≤ 8.12.0.1 | ADP |
| hpe | arubaos | 𝑥 ≤ 8.10.0.12 | ADP |
Common Weakness Enumeration
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.