Versions
InstantOS or ArubaOS (access points) 8.11.x.x:8.11.2.1 and below.
<=8.10.0.12
Version 8.10.0.0:8.10.0.12 and below
<=8.12.0.1
InstantOS or ArubaOS (access points) 8.6.x.x:8.6.0.23 and below.
InstantOS or ArubaOS (access points) 10.4.x.x:10.4.1.0 and below.
Version 8.12.0.0:8.12.0.1 and below
InstantOS or ArubaOS (access points) 8.10.x.x:8.10.0.10 and below.
InstantOS or ArubaOS (access points) 10.5.x.x:10.5.1.0 and below.
Recent CVEs
CVE-2024-42393
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-42394
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-42395
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-42396
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
CVE-2024-42397
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.