Lucene search

HpeCVE-2024-33513

HistoryMay 01, 2024 - 5:15 p.m.

CVE-2024-33513

2024-05-0117:15:36

CWE-121

hpe

web.nvd.nist.gov

cve-2024-33513

unauthenticated

denial-of-service

ap management

papi protocol

vulnerabilities

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "ArubaOS 10.5.x.x: 10.5.1.0 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 10.4.x.x: 10.4.1.0 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.11.x.x: 8.11.2.1 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.10.x.x: 8.10.0.10 and below"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-33513