{"containers": {"cna": {"affected": [{"product": "Aruba 9000 Gateway", "vendor": "n/a", "versions": [{"status": "affected", "version": "2.1.0.1"}, {"status": "affected", "version": "2.2.0.0 and below"}]}, {"product": "Aruba 7000 Series Mobility Controllers", "vendor": "n/a", "versions": [{"status": "affected", "version": "6.4.4.23"}, {"status": "affected", "version": "6.5.4.17"}, {"status": "affected", "version": "8.2.2.9"}, {"status": "affected", "version": "8.3.0.13"}, {"status": "affected", "version": "8.5.0.10"}, {"status": "affected", "version": "8.6.0.5"}, {"status": "affected", "version": "8.7.0.0 and below"}]}, {"product": "Aruba 7200 Series Mobility Controllers", "vendor": "n/a", "versions": [{"status": "affected", "version": "6.4.4.23"}, {"status": "affected", "version": "6.5.4.17"}, {"status": "affected", "version": "8.2.2.9"}, {"status": "affected", "version": "8.3.0.13"}, {"status": "affected", "version": "8.5.0.10"}, {"status": "affected", "version": "8.6.0.5"}, {"status": "affected", "version": "8.7.0.0 and below"}]}], "descriptions": [{"lang": "en", "value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."}], "problemTypes": [{"descriptions": [{"description": "remote buffer overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-11T01:26:14", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2020-24633", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Aruba 9000 Gateway", "version": {"version_data": [{"version_value": "2.1.0.1"}, {"version_value": "2.2.0.0 and below"}]}}, {"product_name": "Aruba 7000 Series Mobility Controllers", "version": {"version_data": [{"version_value": "6.4.4.23"}, {"version_value": "6.5.4.17"}, {"version_value": "8.2.2.9"}, {"version_value": "8.3.0.13"}, {"version_value": "8.5.0.10"}, {"version_value": "8.6.0.5"}, {"version_value": "8.7.0.0 and below"}]}}, {"product_name": "Aruba 7200 Series Mobility Controllers", "version": {"version_data": [{"version_value": "6.4.4.23"}, {"version_value": "6.5.4.17"}, {"version_value": "8.2.2.9"}, {"version_value": "8.3.0.13"}, {"version_value": "8.5.0.10"}, {"version_value": "8.6.0.5"}, {"version_value": "8.7.0.0 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote buffer overflow"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us"}]}}}}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2020-24633", "datePublished": "2020-12-11T01:26:14", "dateReserved": "2020-08-25T00:00:00", "dateUpdated": "2020-12-11T01:26:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE1BBC46-36EA-47DE-9173-707A23325F1A", "versionEndExcluding": "6.4.4.24", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "66C41F7C-BB41-449A-B030-C029E33AD041", "versionEndExcluding": "6.5.4.18", "versionStartIncluding": "6.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "65383999-0515-4646-9510-677D33ECBB11", "versionEndExcluding": "8.2.2.10", "versionStartIncluding": "8.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3E3ED71-0BA0-4D76-9BB7-D84FA571C4D0", "versionEndExcluding": "8.3.0.14", "versionStartIncluding": "8.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "419BC61F-B002-4848-BB6B-51CA15C8E6F2", "versionEndExcluding": "8.5.0.11", "versionStartIncluding": "8.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A4597E-0267-4DA8-BFFB-513BEA7D04D4", "versionEndExcluding": "8.6.0.6", "versionStartIncluding": "8.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "894088FF-5838-4CE7-AA31-CE7FB247E271", "versionEndExcluding": "8.7.1.0", "versionStartIncluding": "8.7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:7005:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE128072-9444-40D5-AC86-BB317869EB97", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7008:-:*:*:*:*:*:*:*", "matchCriteriaId": "F747F71E-66BC-4776-BCCC-3123F8EEEBC6", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7024:-:*:*:*:*:*:*:*", "matchCriteriaId": "15FE873C-3C45-4EA3-9AD1-D07F132BC31F", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A206DE28-E15A-437B-BC1C-261F32F24F3A", "versionEndExcluding": "2.1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1D1957E-1DFE-495B-8DF5-C1640857DDF4", "versionEndExcluding": "2.2.0.1", "versionStartIncluding": "2.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9", "vulnerable": false}, {"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*", "matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below."}, {"lang": "es", "value": "Se presentan m\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer que podr\u00edan conllevar a una ejecuci\u00f3n de c\u00f3digo remota no autenticada mediante el env\u00edo de paquetes especialmente dise\u00f1ados destinados al puerto UDP (8211) de PAPI (protocolo de administraci\u00f3n Aruba Networks AP) de puntos de acceso o controladores en Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers versiones: 2.1.0.1, 2.2.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 y por debajo"}], "id": "CVE-2020-24633", "lastModified": "2021-11-18T18:17:05.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-11T02:15:10.943", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04072en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}