CVE-2024-42501— Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)

CVSS 7.2 · High EPSS 0.15% · P35 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-42501

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)

Source: NVD (National Vulnerability Database)

Vulnerability Description

An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

ArubaOS 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ArubaOS是美国Aruba公司的一套面向Aruba Mobility-Defined Networks（包括移动控制器和移动接入交换机）的操作系统。 ArubaOS存在安全漏洞。攻击者利用该漏洞在底层操作系统上安装未签名的软件包，从而能够执行任意代码或安装植入程序。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Hewlett Packard Enterprise (HPE)	Aruba OS	Version 10.6.0.0: 10.6.0.2 and below ~ <=10.6.0.2	-

II. Public POCs for CVE-2024-42501

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-42501

请登录查看更多情报信息。

Same Patch Batch · Hewlett Packard Enterprise (HPE) · 2024-09-17 · 3 CVEs total

CVE-2024-42503	7.2 HIGH	Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the A
CVE-2024-42502	7.2 HIGH	Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interfa

IV. Related Vulnerabilities

Same product: Aruba OS

Same vendor: Hewlett Packard Enterprise (HPE)

V. Comments for CVE-2024-42501

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-42501— Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)

I. Basic Information for CVE-2024-42501

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-42501

III. Intelligence Information for CVE-2024-42501

Same Patch Batch · Hewlett Packard Enterprise (HPE) · 2024-09-17 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-42501

Leave a comment