Description
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS) 8.13.0.0 – 8.13.1.1
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS) 8.12.0.0 – 8.12.0.6
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS) 8.10.0.0 – 8.10.0.21
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS) 10.8.0.0 – 10.8.0.0
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS) 10.7.0.0 – 10.7.2.2
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking Wireless Operating System (AOS) 10.4.0.0 – 10.4.1.10