CVE-2020-24633 (GCVE-0-2020-24633)

Vulnerability from cvelistv5 – Published: 2020-12-11 01:26 – Updated: 2024-08-04 15:19
VLAI?
Summary
There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.
Severity ?
No CVSS data available.
CWE
  • remote buffer overflow
Assigner
hpe
References
Impacted products
Vendor Product Version
n/a Aruba 9000 Gateway Affected: 2.1.0.1
Affected: 2.2.0.0 and below
    n/a Aruba 7000 Series Mobility Controllers Affected: 6.4.4.23
Affected: 6.5.4.17
Affected: 8.2.2.9
Affected: 8.3.0.13
Affected: 8.5.0.10
Affected: 8.6.0.5
Affected: 8.7.0.0 and below
    n/a Aruba 7200 Series Mobility Controllers Affected: 6.4.4.23
Affected: 6.5.4.17
Affected: 8.2.2.9
Affected: 8.3.0.13
Affected: 8.5.0.10
Affected: 8.6.0.5
Affected: 8.7.0.0 and below
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:09.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba 9000 Gateway",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.1.0.1"
            },
            {
              "status": "affected",
              "version": "2.2.0.0 and below"
            }
          ]
        },
        {
          "product": "Aruba 7000 Series Mobility Controllers",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "6.4.4.23"
            },
            {
              "status": "affected",
              "version": "6.5.4.17"
            },
            {
              "status": "affected",
              "version": "8.2.2.9"
            },
            {
              "status": "affected",
              "version": "8.3.0.13"
            },
            {
              "status": "affected",
              "version": "8.5.0.10"
            },
            {
              "status": "affected",
              "version": "8.6.0.5"
            },
            {
              "status": "affected",
              "version": "8.7.0.0 and below"
            }
          ]
        },
        {
          "product": "Aruba 7200 Series Mobility Controllers",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "6.4.4.23"
            },
            {
              "status": "affected",
              "version": "6.5.4.17"
            },
            {
              "status": "affected",
              "version": "8.2.2.9"
            },
            {
              "status": "affected",
              "version": "8.3.0.13"
            },
            {
              "status": "affected",
              "version": "8.5.0.10"
            },
            {
              "status": "affected",
              "version": "8.6.0.5"
            },
            {
              "status": "affected",
              "version": "8.7.0.0 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-11T01:26:14.000Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2020-24633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba 9000 Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1.0.1"
                          },
                          {
                            "version_value": "2.2.0.0 and below"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Aruba 7000 Series Mobility Controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.4.4.23"
                          },
                          {
                            "version_value": "6.5.4.17"
                          },
                          {
                            "version_value": "8.2.2.9"
                          },
                          {
                            "version_value": "8.3.0.13"
                          },
                          {
                            "version_value": "8.5.0.10"
                          },
                          {
                            "version_value": "8.6.0.5"
                          },
                          {
                            "version_value": "8.7.0.0 and below"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Aruba 7200 Series Mobility Controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.4.4.23"
                          },
                          {
                            "version_value": "6.5.4.17"
                          },
                          {
                            "version_value": "8.2.2.9"
                          },
                          {
                            "version_value": "8.3.0.13"
                          },
                          {
                            "version_value": "8.5.0.10"
                          },
                          {
                            "version_value": "8.6.0.5"
                          },
                          {
                            "version_value": "8.7.0.0 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04072en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2020-24633",
    "datePublished": "2020-12-11T01:26:14.000Z",
    "dateReserved": "2020-08-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:19:09.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.