Lucene search

HpeCVE-2024-25615

HistoryMar 05, 2024 - 9:15 p.m.

CVE-2024-25615

2024-03-0521:15:08

hpe

web.nvd.nist.gov

cve

2024

25615

denial of service

dos

vulnerability

spectrum service

papi protocol

arubaos 8.x

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-25615