CVE-2024-26304
CRITICAL
L2/L3 Management service - Buffer Overflow
Title source: llmDescription
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Exploits (2)
Scores
CVSS v3
9.8
EPSS
0.7324
EPSS Percentile
98.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
Status
published
Products (4)
Hewlett Packard Enterprise (HPE)/Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
ArubaOS 10.4.x.x: 10.4.1.0 and below
Hewlett Packard Enterprise (HPE)/Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
ArubaOS 10.5.x.x: 10.5.1.0 and below
Hewlett Packard Enterprise (HPE)/Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
ArubaOS 8.10.x.x: 8.10.0.10 and below
Hewlett Packard Enterprise (HPE)/Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
ArubaOS 8.11.x.x: 8.11.2.1 and below
Published
May 01, 2024
Tracked Since
Feb 18, 2026