CVE-2020-24634 - Vulnerability Details

Vendors	Products
Arubanetworks	7005 7008 7010 7024 7030 7205 7210 7220 7240xm 7280 9004 9004-lte 9012 Arubaos Sd-wan

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Aruba 9000 Gateway", "vendor": "n/a", "versions": [{"status": "affected", "version": "2.1.0.1"}, {"status": "affected", "version": "2.2.0.0 and below"}]}, {"product": "Aruba 7000 Series Mobility Controllers", "vendor": "n/a", "versions": [{"status": "affected", "version": "6.4.4.23"}, {"status": "affected", "version": "6.5.4.17"}, {"status": "affected", "version": "8.2.2.9"}, {"status": "affected", "version": "8.3.0.13"}, {"status": "affected", "version": "8.5.0.10"}, {"status": "affected", "version": "8.6.0.5"}, {"status": "affected", "version": "8.7.0.0 and below"}]}, {"product": "Aruba 7200 Series Mobility Controllers", "vendor": "n/a", "versions": [{"status": "affected", "version": "6.4.4.23"}, {"status": "affected", "version": "6.5.4.17"}, {"status": "affected", "version": "8.2.2.9"}, {"status": "affected", "version": "8.3.0.13"}, {"status": "affected", "version": "8.5.0.10"}, {"status": "affected", "version": "8.6.0.5"}, {"status": "affected", "version": "8.7.0.0 and below"}]}], "descriptions": [{"lang": "en", "value": "An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."}], "problemTypes": [{"descriptions": [{"description": "remote injection of arbitrary commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-11T01:22:50", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2020-24634", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Aruba 9000 Gateway", "version": {"version_data": [{"version_value": "2.1.0.1"}, {"version_value": "2.2.0.0 and below"}]}}, {"product_name": "Aruba 7000 Series Mobility Controllers", "version": {"version_data": [{"version_value": "6.4.4.23"}, {"version_value": "6.5.4.17"}, {"version_value": "8.2.2.9"}, {"version_value": "8.3.0.13"}, {"version_value": "8.5.0.10"}, {"version_value": "8.6.0.5"}, {"version_value": "8.7.0.0 and below"}]}}, {"product_name": "Aruba 7200 Series Mobility Controllers", "version": {"version_data": [{"version_value": "6.4.4.23"}, {"version_value": "6.5.4.17"}, {"version_value": "8.2.2.9"}, {"version_value": "8.3.0.13"}, {"version_value": "8.5.0.10"}, {"version_value": "8.6.0.5"}, {"version_value": "8.7.0.0 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote injection of arbitrary commands"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:19:09.075Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2020-24634", "datePublished": "2020-12-11T01:22:50", "dateReserved": "2020-08-25T00:00:00", "dateUpdated": "2024-08-04T15:19:09.075Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Aruba 9000 Gateway (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.1.0.1 (string)

}

1 : { »

status : affected (string)

version : 2.2.0.0 and below (string)

}

]

}

1 : { »

product : Aruba 7000 Series Mobility Controllers (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.4.4.23 (string)

}

1 : { »

status : affected (string)

version : 6.5.4.17 (string)

}

2 : { »

status : affected (string)

version : 8.2.2.9 (string)

}

3 : { »

status : affected (string)

version : 8.3.0.13 (string)

}

4 : { »

status : affected (string)

version : 8.5.0.10 (string)

}

5 : { »

status : affected (string)

version : 8.6.0.5 (string)

}

6 : { »

status : affected (string)

version : 8.7.0.0 and below (string)

}

]

}

2 : { »

product : Aruba 7200 Series Mobility Controllers (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.4.4.23 (string)

}

1 : { »

status : affected (string)

version : 6.5.4.17 (string)

}

2 : { »

status : affected (string)

version : 8.2.2.9 (string)

}

3 : { »

status : affected (string)

version : 8.3.0.13 (string)

}

4 : { »

status : affected (string)

version : 8.5.0.10 (string)

}

5 : { »

status : affected (string)

version : 8.6.0.5 (string)

}

6 : { »

status : affected (string)

version : 8.7.0.0 and below (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : remote injection of arbitrary commands (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-12-11T01:22:50 (string)

orgId : eb103674-0d28-4225-80f8-39fb86215de0 (string)

shortName : hpe (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security-alert@hpe.com (string)

ID : CVE-2020-24634 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Aruba 9000 Gateway (string)

version : { »

version_data : [ »

0 : { »

version_value : 2.1.0.1 (string)

}

1 : { »

version_value : 2.2.0.0 and below (string)

}

]

}

1 : { »

product_name : Aruba 7000 Series Mobility Controllers (string)

version : { »

version_data : [ »

0 : { »

version_value : 6.4.4.23 (string)

}

1 : { »

version_value : 6.5.4.17 (string)

}

2 : { »

version_value : 8.2.2.9 (string)

}

3 : { »

version_value : 8.3.0.13 (string)

}

4 : { »

version_value : 8.5.0.10 (string)

}

5 : { »

version_value : 8.6.0.5 (string)

}

6 : { »

version_value : 8.7.0.0 and below (string)

}

]

}

2 : { »

product_name : Aruba 7200 Series Mobility Controllers (string)

version : { »

version_data : [ »

0 : { »

version_value : 6.4.4.23 (string)

}

1 : { »

version_value : 6.5.4.17 (string)

}

2 : { »

version_value : 8.2.2.9 (string)

}

3 : { »

version_value : 8.3.0.13 (string)

}

4 : { »

version_value : 8.5.0.10 (string)

}

5 : { »

version_value : 8.6.0.5 (string)

}

6 : { »

version_value : 8.7.0.0 and below (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : remote injection of arbitrary commands (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us (string)

refsource : CONFIRM (string)

url : https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T15:19:09.075Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : eb103674-0d28-4225-80f8-39fb86215de0 (string)

assignerShortName : hpe (string)

cveId : CVE-2020-24634 (string)

datePublished : 2020-12-11T01:22:50 (string)

dateReserved : 2020-08-25T00:00:00 (string)

dateUpdated : 2024-08-04T15:19:09.075Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49A45927-D609-48E3-A5E5-FEB977F4F58D", "versionEndExcluding": "8.2.2.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3E3ED71-0BA0-4D76-9BB7-D84FA571C4D0", "versionEndExcluding": "8.3.0.14", "versionStartIncluding": "8.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "419BC61F-B002-4848-BB6B-51CA15C8E6F2", "versionEndExcluding": "8.5.0.11", "versionStartIncluding": "8.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4", "versionEndExcluding": "8.6.0.6", "versionStartIncluding": "8.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "894088FF-5838-4CE7-AA31-CE7FB247E271", "versionEndExcluding": "8.7.1.0", "versionStartIncluding": "8.7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A206DE28-E15A-437B-BC1C-261F32F24F3A", "versionEndExcluding": "2.1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1D1957E-1DFE-495B-8DF5-C1640857DDF4", "versionEndExcluding": "2.2.0.1", "versionStartIncluding": "2.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."}, {"lang": "es", "value": "Un atacante es capaz de inyectar remotamente comandos arbitrarios mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP (8211) de PAPI (protocolo de Aruba Networks AP Management) de puntos de acceso o controladores en Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers versiones: 2.1.0.1, 2.2.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo"}], "id": "CVE-2020-24634", "lastModified": "2024-11-21T05:15:17.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-11T02:15:11.057", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 49A45927-D609-48E3-A5E5-FEB977F4F58D (string)

versionEndExcluding : 8.2.2.10 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D3E3ED71-0BA0-4D76-9BB7-D84FA571C4D0 (string)

versionEndExcluding : 8.3.0.14 (string)

versionStartIncluding : 8.3.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 419BC61F-B002-4848-BB6B-51CA15C8E6F2 (string)

versionEndExcluding : 8.5.0.11 (string)

versionStartIncluding : 8.4.0.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C6A4597E-0267-4DA8-BFFB-513BEA7D04D4 (string)

versionEndExcluding : 8.6.0.6 (string)

versionStartIncluding : 8.6.0.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 894088FF-5838-4CE7-AA31-CE7FB247E271 (string)

versionEndExcluding : 8.7.1.0 (string)

versionStartIncluding : 8.7.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FE128072-9444-40D5-AC86-BB317869EB97 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F747F71E-66BC-4776-BCCC-3123F8EEEBC6 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 59612211-5054-44DC-B028-61A2C5C6133D (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 15FE873C-3C45-4EA3-9AD1-D07F132BC31F (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E8E68DB6-149B-4469-BD27-69F1AC59166F (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2E9AA178-1327-402E-8740-8409ECA448BC (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9969F899-4D7A-4DD5-B81D-DB16B20CF86A (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CF33BAD0-0596-4910-B096-99E2033F73D8 (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FDDFDA5E-3895-463A-86EA-1823EC1B5045 (string)

vulnerable : false (boolean)

}

9 : { »

criteria : cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A206DE28-E15A-437B-BC1C-261F32F24F3A (string)

versionEndExcluding : 2.1.0.2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A1D1957E-1DFE-495B-8DF5-C1640857DDF4 (string)

versionEndExcluding : 2.2.0.1 (string)

versionStartIncluding : 2.2.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CFA13FF5-7C60-48B4-AF46-18A9F19D5D42 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 17162DB3-973E-47C6-9157-39A0E94603F2 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. (string)

}

1 : { »

lang : es (string)

value : Un atacante es capaz de inyectar remotamente comandos arbitrarios mediante el envío de paquetes especialmente diseñados destinados al puerto UDP (8211) de PAPI (protocolo de Aruba Networks AP Management) de puntos de acceso o controladores en Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers versiones: 2.1.0.1, 2.2.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo (string)

}

]

id : CVE-2020-24634 (string)

lastModified : 2024-11-21T05:15:17.977 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-12-11T02:15:11.057 (string)

references : [ »

0 : { »

source : security-alert@hpe.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us (string)

}

]

sourceIdentifier : security-alert@hpe.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-77 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object