CVE-2024-31474 : There is an arbitrary file deletion vulnerability in the CLI service accessed by

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point

Published 2024-05-14 22:29:51

Updated 2025-06-05 15:25:47

Source Hewlett Packard Enterprise (HPE)

View at NVD, CVE.org

Products affected by CVE-2024-31474

HP » Arubaos
Versions from including (>=) 8.11.0.0 and up to, including, (<=) 8.11.2.1
cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*
Matching versions
HP » Arubaos
Versions from including (>=) 8.10.0.0 and up to, including, (<=) 8.10.0.10
cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*
Matching versions
HP » Arubaos
Versions from including (>=) 10.5.0.0 and up to, including, (<=) 10.5.1.0
cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*
Matching versions
HP » Arubaos
Versions from including (>=) 10.4.0.0 and up to, including, (<=) 10.4.1.0
cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*
Matching versions
HP » Arubaos
Versions from including (>=) 8.6.0.0 and up to, including, (<=) 8.6.0.23
cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*:*
Matching versions
HP » Instantos
Versions from including (>=) 6.4.0.0 and before (<) 8.6.0.24
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
Matching versions
HP » Instantos
Versions from including (>=) 8.7.0.0 and before (<) 8.10.0.11
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Arubaos
Versions from including (>=) 8.11.0.0 and up to, including, (<=) 8.11.2.1
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Arubaos
Versions from including (>=) 8.10.0.0 and up to, including, (<=) 8.10.0.10
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Arubaos
Versions from including (>=) 10.4.0.0 and up to, including, (<=) 10.4.1.0
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Arubaos
Versions from including (>=) 8.6.0.0 and up to, including, (<=) 8.6.0.23
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Arubaos
Versions from including (>=) 10.5.0.0 and before (<) 10.5.1.1
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Arubaos
Versions from including (>=) 10.5.0.0 and up to, including, (<=) 10.5.1.0
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Arubaos
Versions from including (>=) 10.3.0.0 and before (<) 10.4.1.1
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Instant
Versions from including (>=) 8.11.0.0 and up to, including, (<=) 8.11.2.1
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Instant
Versions from including (>=) 10.4.0.0 and up to, including, (<=) 10.4.1.0
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Instant
Versions from including (>=) 8.6.0.0 and up to, including, (<=) 8.6.0.23
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Instant
Versions from including (>=) 10.5.0.0 and up to, including, (<=) 10.5.1.0
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Matching versions
Arubanetworks » Instant
Versions from including (>=) 8.10.0.0 and up to, including, (<=) 8.10.0.10
cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-31474

EPSS FAQ

0.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-31474

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H	N/A	N/A	Hewlett Packard Enterprise (HPE)	2024-05-14
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High
8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H	3.9	4.2	NIST	2025-06-05
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High
8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H	3.9	4.2	Hewlett Packard Enterprise (HPE)	2024-05-14
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High

CWE ids for CVE-2024-31474

CWE-463 Deletion of Data Structure Sentinel

The accidental deletion of a data-structure sentinel can cause serious programming logic problems.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2024-31474

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

Vendor Advisory;Broken Link

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-31474

Products affected by CVE-2024-31474

Exploit prediction scoring system (EPSS) score for CVE-2024-31474

CVSS scores for CVE-2024-31474

CWE ids for CVE-2024-31474

References for CVE-2024-31474