CVE-2024-26304CriticalConfirmedExploit available
Share link
Anyone with the link can open this vulnerability.
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code executio…
CVSS
9.8
Critical
EPSS
0.44
p98
Published
2024-01-01
Updated
2024-01-01
Description
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Tags · CWE
Pre-auth
CWE-121
CWE-121VariantDraft
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
https://cwe.mitre.org/data/definitions/121.html →Open in CWE collection →CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2024-01-01
Published
2024-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.440 · p98
Known exploited (KEV)
No
Known exploits — Сканер-ВС
CVE-2024-26304
github-poc · https://github.com/X-Projetion/CVE-2024-26304-RCE-exploit
No vulnerabilities match your filters.
Related vulnerabilities