CVE-2020-24633
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
Affected (9)
Products: Arubanetworks: Arubaos, Sd Wan
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.4.4.24 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 7005 | All versions |
Arubanetworks 7008 | All versions |
Arubanetworks 7010 | All versions |
Arubanetworks 7024 | All versions |
Arubanetworks 7030 | All versions |
Arubanetworks 7205 | All versions |
Arubanetworks 7210 | All versions |
Arubanetworks 7220 | All versions |
Arubanetworks 7240xm | All versions |
Arubanetworks 7280 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.0.2 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 9004 | All versions |
Arubanetworks 9004 Lte | All versions |
Arubanetworks 9012 | All versions |
References (2)
Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.