{"cve":{"cve_id":"CVE-2024-42501","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01135,"epss_percentile":0.62331,"epss_as_of":"2026-06-23","description":"An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.","published_at":"2024-09-17T17:13:34.722000Z","last_modified_at":null,"cvss_v3_score":7.2,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-22"],"nvd_references":["https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T02:04:49.137859Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"aruba-os","product_name":"Aruba OS","version_start":"Version 10.6.0.0: 10.6.0.2 and below","version_start_inclusive":true,"version_end":"<=10.6.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:aruba-os:Version 10.6.0.0: 10.6.0.2 and below:<=10.6.0.2"},{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"aruba-os","product_name":"Aruba OS","version_start":"Version 8.10.0.0: 8.10.0.13 and below","version_start_inclusive":true,"version_end":"<=8.10.0.13","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:aruba-os:Version 8.10.0.0: 8.10.0.13 and below:<=8.10.0.13"},{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"aruba-os","product_name":"Aruba OS","version_start":"Version 10.5.0.0: 10.6.0.0 and below","version_start_inclusive":true,"version_end":"<=10.6.0.0","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:aruba-os:Version 10.5.0.0: 10.6.0.0 and below:<=10.6.0.0"},{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"aruba-os","product_name":"Aruba OS","version_start":"Version 10.3.0.0: 10.4.0.0 and below","version_start_inclusive":true,"version_end":"<=10.4.0.0","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:aruba-os:Version 10.3.0.0: 10.4.0.0 and below:<=10.4.0.0"},{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"aruba-os","product_name":"Aruba OS","version_start":"Version 8.11.0.0: 8.12.0.0 and below","version_start_inclusive":true,"version_end":"<=8.12.0.0","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:aruba-os:Version 8.11.0.0: 8.12.0.0 and below:<=8.12.0.0"},{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"aruba-os","product_name":"Aruba OS","version_start":"Version 8.12.0.0: 8.12.0.1 and below","version_start_inclusive":true,"version_end":"<=8.12.0.1","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:aruba-os:Version 8.12.0.0: 8.12.0.1 and below:<=8.12.0.1"},{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"aruba-os","product_name":"Aruba OS","version_start":"Version 6.5.4.0: 8.9.0.0 and below","version_start_inclusive":true,"version_end":"<=8.9.0.0","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:aruba-os:Version 6.5.4.0: 8.9.0.0 and below:<=8.9.0.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-09-17T17:13:34.722000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:37:21.133795Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:37:21.133795Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:37:21.133795Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:04:49.137859Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:04:49.137859Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:04:49.137859Z","label":"SSVC decision revised","source":"vulnrichment"}]}