CVE-2024-54008: Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform

7.2 CVSS

Description

An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.

Classification

CVE ID: CVE-2024-54008

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

Affected Products

Vendor: Hewlett Packard Enterprise (HPE)

Product: HPE Aruba Networking AirWave Management Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04765en_us&docLocale=en_US

Timeline

2024-12-11 00:31:08 UTC
CVE

Authenticated Remote Code Execution (RCE) in HPE Aruba Networking AirWave Management Platform