CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-24634

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0910%
EPSS Percentile40.18th
Published2020年12月11日
Last Modified2024年11月21日

Vulnerability Description

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

Affected Platforms (CPE)

💻
Arubanetworks

Arubaos

< 8.2.2.10
💻
Arubanetworks

Arubaos

>= 8.3.0.0 and < 8.3.0.14
💻
Arubanetworks

Arubaos

>= 8.4.0.0 and < 8.5.0.11
💻
Arubanetworks

Arubaos

>= 8.6.0.0 and < 8.6.0.6
💻
Arubanetworks

Arubaos

>= 8.7.0.0 and < 8.7.1.0
📦
Arubanetworks

Sd Wan

< 2.1.0.2
📦
Arubanetworks

Sd Wan

>= 2.2.0.0 and < 2.2.0.1

References & Advisories

🔗 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us
🔗 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us

関連する脆弱性情報

CVE-2008-702310.0

Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for a...

CVE-2018-70819.8

A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the...

CVE-2017-90009.8

ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior...

CVE-2021-377169.8

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versi...