CVE-2020-24633 — CRITICAL (9.8)

Q: How severe is CVE-2020-24633?

CVE-2020-24633 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-24633?

Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Arubaos, Arubanetworks 7005, Arubanetworks 7008, Arubanetworks 7010, Arubanetworks 7024.

Vulnerability Description

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Arubanetworks	Arubaos	< 6.4.4.24
Arubanetworks	7005	-
Arubanetworks	7008	-
Arubanetworks	7010	-
Arubanetworks	7024	-
Arubanetworks	7030	-
Arubanetworks	7205	-
Arubanetworks	7210	-
Arubanetworks	7220	-
Arubanetworks	7240Xm	-
Arubanetworks	7280	-
Arubanetworks	Sd-Wan	< 2.1.0.2
Arubanetworks	9004	-
Arubanetworks	9004-Lte	-
Arubanetworks	9012	-

Related Weaknesses (CWE)

CWE-120

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory

FAQ

What is CVE-2020-24633?

CVE-2020-24633 is a vulnerability with a CVSS score of 9.8 (CRITICAL). There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management pro...

How severe is CVE-2020-24633?

CVE-2020-24633 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-24633?

Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Arubaos, Arubanetworks 7005, Arubanetworks 7008, Arubanetworks 7010, Arubanetworks 7024.