We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-54010

Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches



Description

A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure.

Reserved 2024-11-26 | Published 2025-01-08 | Updated 2025-01-08 | Assigner hpe


LOW: 3.4CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Product status

Default status
affected

Version 10.10.0000: 10.10.1140 and below
affected

Version 10.13.0000: 10.13.1060 and below
affected

Version 10.14.0000: 10.14.1020 and below
affected

Version 10.15.0000: 10.15.0005 and below
affected

Credits

DXC reporter

References

csaf.arubanetworks.com/...ruba_networking_-_hpesbnw04772.txt

cve.org (CVE-2024-54010)

nvd.nist.gov (CVE-2024-54010)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-54010

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.