CVE-2024-31476

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt	Broken Link Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::

History

24 Jun 2025, 16:15

Type	Values Removed	Values Added
First Time		Arubanetworks Hp instantos Arubanetworks arubaos Hp
References		() https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US -
References	~~() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt -~~	() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt - Broken Link, Vendor Advisory
Summary	(en) Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.	(en) Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CPE		cpe:2.3:o:arubanetworks:arubaos:::::::: cpe:2.3:o:hp:instantos::::::::

Information

Published : 2024-05-14 23:15

Updated : 2025-06-24 16:15

NVD link : CVE-2024-31476

Mitre link : CVE-2024-31476

CVE.ORG link : CVE-2024-31476

JSON object : View

Products Affected

hp

instantos

arubanetworks

arubaos

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-31476", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T23:15:11.150", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US", "source": "security-alert@hpe.com"}, {"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system."}, {"lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente."}], "lastModified": "2025-06-24T16:15:24.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403", "versionEndExcluding": "10.4.1.1", "versionStartIncluding": "10.3.0.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B", "versionEndExcluding": "10.5.1.1", "versionStartIncluding": "10.5.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5", "versionEndExcluding": "8.6.0.24", "versionStartIncluding": "6.4.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A", "versionEndExcluding": "8.10.0.11", "versionStartIncluding": "8.7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}