fkie_cve-2024-25614
Vulnerability from fkie_nvd
Published
2024-03-05 21:15
Modified
2025-07-28 13:02
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.
References
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txtBroken Link
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txtBroken Link
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2697A3FE-2435-49E4-9E21-AB4F7D664D62",
              "versionEndExcluding": "8.10.0.10",
              "versionStartIncluding": "8.10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CAF4A34-8D72-4337-A761-FDB404816DBE",
              "versionEndExcluding": "8.11.2.1",
              "versionStartIncluding": "8.11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "461A0E90-278E-4759-94C7-F18510AA9C13",
              "versionEndExcluding": "10.4.1.0",
              "versionStartIncluding": "10.4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42E8AC1B-B80A-43C4-B4CE-C9CDF23E7DD3",
              "versionEndExcluding": "10.5.1.0",
              "versionStartIncluding": "10.5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \n\n"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de eliminaci\u00f3n de archivos arbitraria en la CLI utilizada por ArubaOS. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de eliminar archivos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda provocar condiciones de denegaci\u00f3n de servicio y afectar la integridad del controlador."
    }
  ],
  "id": "CVE-2024-25614",
  "lastModified": "2025-07-28T13:02:14.643",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 4.2,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-05T21:15:08.473",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.