{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31477", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2024-04-03T21:21:22.897Z", "datePublished": "2024-05-14T22:32:06.557Z", "dateUpdated": "2025-06-24T15:15:50.694Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AOS-8 Instant and AOS-10 AP", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"lessThanOrEqual": "10.5.1.0", "status": "affected", "version": "10.5.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.4.1.0", "status": "affected", "version": "10.4.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.11.2.1", "status": "affected", "version": "8.11.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.10.0.10", "status": "affected", "version": "8.10.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.6.0.23", "status": "affected", "version": "8.6.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik De Jong (bugcrowd.com/erikdejong)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.</p>"}], "value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2025-06-24T15:15:50.694Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US"}], "source": {"advisory": "HPESBNW04647", "discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "affected": [{"vendor": "arubanetworks", "product": "arubaos", "cpes": ["cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.5.0.0", "status": "affected", "lessThanOrEqual": "10.5.1.0", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "arubaos", "cpes": ["cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.4.0.0", "status": "affected", "lessThanOrEqual": "10.4.1.0", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.10.0.0", "status": "affected", "lessThanOrEqual": "8.10.0.10", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.11.0.0", "status": "affected", "lessThanOrEqual": "8.11.2.1", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.6.0.0", "status": "affected", "lessThanOrEqual": "8.6.0.23", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "arubaos", "cpes": ["cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.3.0.0", "status": "affected", "lessThan": "10.4.0.0", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.9.0.0", "status": "affected", "lessThan": "8.10.0.0", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.8.0.0", "status": "affected", "lessThan": "8.9.0.0", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.5.0.0", "status": "affected", "lessThan": "8.6.0.0", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.7.0.0", "status": "affected", "lessThan": "8.8.0.0", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.4.0.0", "status": "affected", "lessThan": "8.5.0.0", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.5.0.0", "status": "affected", "lessThan": "6.6.0.0", "versionType": "custom"}]}, {"vendor": "arubanetworks", "product": "instant", "cpes": ["cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.4.0.0", "status": "affected", "lessThan": "6.5.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-17T04:00:34.951992Z", "id": "CVE-2024-31477", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T16:59:03.824Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:57.111Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:57.111Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31477", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-17T04:00:34.951992Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "arubaos", "versions": [{"status": "affected", "version": "10.5.0.0", "versionType": "custom", "lessThanOrEqual": "10.5.1.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "arubaos", "versions": [{"status": "affected", "version": "10.4.0.0", "versionType": "custom", "lessThanOrEqual": "10.4.1.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "8.10.0.0", "versionType": "custom", "lessThanOrEqual": "8.10.0.10"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "8.11.0.0", "versionType": "custom", "lessThanOrEqual": "8.11.2.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "8.6.0.0", "versionType": "custom", "lessThanOrEqual": "8.6.0.23"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "arubaos", "versions": [{"status": "affected", "version": "10.3.0.0", "lessThan": "10.4.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "8.9.0.0", "lessThan": "8.10.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "8.8.0.0", "lessThan": "8.9.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "8.5.0.0", "lessThan": "8.6.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "8.7.0.0", "lessThan": "8.8.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "8.4.0.0", "lessThan": "8.5.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "6.5.0.0", "lessThan": "6.6.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"], "vendor": "arubanetworks", "product": "instant", "versions": [{"status": "affected", "version": "6.4.0.0", "lessThan": "6.5.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-15T13:40:45.942Z"}}], "cna": {"source": {"advisory": "HPESBNW04647", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Erik De Jong (bugcrowd.com/erikdejong)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "AOS-8 Instant and AOS-10 AP", "versions": [{"status": "affected", "version": "10.5.0.0", "versionType": "semver", "lessThanOrEqual": "10.5.1.0"}, {"status": "affected", "version": "10.4.0.0", "versionType": "semver", "lessThanOrEqual": "10.4.1.0"}, {"status": "affected", "version": "8.11.0.0", "versionType": "semver", "lessThanOrEqual": "8.11.2.1"}, {"status": "affected", "version": "8.10.0.0", "versionType": "semver", "lessThanOrEqual": "8.10.0.10"}, {"status": "affected", "version": "8.6.0.0", "versionType": "semver", "lessThanOrEqual": "8.6.0.23"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US"}], "x_generator": {"engine": "Vulnogram 0.1.0"}, "descriptions": [{"lang": "en", "value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.", "supportingMedia": [{"type": "text/html", "value": "<p>Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.</p>", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2025-06-24T15:15:50.694Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31477", "state": "PUBLISHED", "dateUpdated": "2025-06-24T15:15:50.694Z", "dateReserved": "2024-04-03T21:21:22.897Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2024-05-14T22:32:06.557Z", "assignerShortName": "hpe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403", "versionEndExcluding": "10.4.1.1", "versionStartIncluding": "10.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B", "versionEndExcluding": "10.5.1.1", "versionStartIncluding": "10.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5", "versionEndExcluding": "8.6.0.24", "versionStartIncluding": "6.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A", "versionEndExcluding": "8.10.0.11", "versionStartIncluding": "8.7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system."}, {"lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."}], "id": "CVE-2024-31477", "lastModified": "2025-06-24T16:15:25.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T23:15:11.423", "references": [{"source": "security-alert@hpe.com", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}