CVE-2024-26305
CRITICALAruba Mobility Conductor and Controllers - Unauthenticated Remote Code Execution via PAPI UDP Port Buffer Overflow
Title source: llmDescription
There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
References (1)
Core 1
Core References
Scores
CVSS v3
9.8
EPSS
0.1516
EPSS Percentile
96.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (4)
Hewlett Packard Enterprise (HPE)/Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
ArubaOS 10.4.x.x: 10.4.1.0 and below
Hewlett Packard Enterprise (HPE)/Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
ArubaOS 10.5.x.x: 10.5.1.0 and below
Hewlett Packard Enterprise (HPE)/Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
ArubaOS 8.10.x.x: 8.10.0.10 and below
Hewlett Packard Enterprise (HPE)/Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
ArubaOS 8.11.x.x: 8.11.2.1 and below
Published
May 01, 2024
Tracked Since
Feb 18, 2026