CVE-2024-31483

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt	Vendor Advisory Broken Link
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt	Vendor Advisory Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::

History

05 Jun 2025, 15:26

Type	Values Removed	Values Added
CPE		cpe:2.3:o:hp:instantos:::::::: cpe:2.3:o:arubanetworks:arubaos::::::::
First Time		Arubanetworks Arubanetworks arubaos Hp instantos Hp
References	~~() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt -~~	() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt - Vendor Advisory, Broken Link
CWE		NVD-CWE-noinfo

21 Nov 2024, 09:13

Type	Values Removed	Values Added
References	~~() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt -~~	() https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt -
Summary		(es) Existe una vulnerabilidad de divulgación de información confidencial autenticada en el servicio CLI al que se accede a través del protocolo PAPI. La explotación exitosa de esta vulnerabilidad da como resultado la capacidad de leer archivos arbitrarios en el sistema operativo subyacente.

14 May 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 23:15

Updated : 2025-06-05 15:26

NVD link : CVE-2024-31483

Mitre link : CVE-2024-31483

CVE.ORG link : CVE-2024-31483

JSON object : View

Products Affected

arubanetworks

arubaos

hp

instantos

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-31483", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T23:15:13.097", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "tags": ["Vendor Advisory", "Broken Link"], "source": "security-alert@hpe.com"}, {"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "tags": ["Vendor Advisory", "Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial autenticada en el servicio CLI al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de leer archivos arbitrarios en el sistema operativo subyacente."}], "lastModified": "2025-06-05T15:26:08.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C22DF47A-ECDC-4FB3-9361-2CE8972F2403", "versionEndExcluding": "10.4.1.1", "versionStartIncluding": "10.3.0.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3088AE26-C175-4D22-A550-30B97164D15B", "versionEndExcluding": "10.5.1.1", "versionStartIncluding": "10.5.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF296DF-98BB-4347-A655-F3046220FFB5", "versionEndExcluding": "8.6.0.24", "versionStartIncluding": "6.4.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D7CDA65-CB99-4A70-9E12-B38BC7A69F1A", "versionEndExcluding": "8.10.0.11", "versionStartIncluding": "8.7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}