Login Sign Up

CVE-2024-31475

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to delete arbitrary files on Aruba Access Points through the Central Communications service via PAPI. Successful exploitation can disrupt operations and compromise system integrity. Affected systems include Aruba Access Points running vulnerable versions of the Central Communications service.

💻 Affected Systems

Products:
  • Aruba Access Points with Central Communications service
Versions: Specific versions listed in Aruba advisory ARUBA-PSA-2024-006
Operating Systems: ArubaOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where PAPI service is enabled and accessible.

📦 What is this software?

Arubaos by Arubanetworks

View all CVEs affecting Arubaos →

Arubaos by Arubanetworks

View all CVEs affecting Arubaos →

Instantos by Hp

View all CVEs affecting Instantos →

Instantos by Hp

View all CVEs affecting Instantos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, rendering the access point inoperable and requiring physical replacement.

🟠

Likely Case

Service disruption through deletion of configuration or operational files, causing network outages and requiring administrative intervention.

🟢

If Mitigated

Limited impact if network segmentation prevents access to PAPI service and proper authentication controls are in place.

🌐 Internet-Facing: HIGH if PAPI service is exposed to internet, as exploitation could lead to remote service disruption.
🏢 Internal Only: MEDIUM if PAPI is accessible only internally, but still poses risk to network availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires network access to PAPI service but no authentication based on CWE-463 (Deletion of Data Structure Sentinel).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in ARUBA-PSA-2024-006 advisory

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

Restart Required: Yes

Instructions:

1. Review ARUBA-PSA-2024-006 advisory. 2. Download appropriate firmware update from Aruba support portal. 3. Apply update following Aruba's firmware upgrade procedures. 4. Restart affected access points.

🔧 Temporary Workarounds

Restrict PAPI Access

linux

Limit network access to PAPI service using firewall rules or network segmentation.

iptables -A INPUT -p tcp --dport <PAPI_PORT> -s <TRUSTED_NETWORK> -j ACCEPT
iptables -A INPUT -p tcp --dport <PAPI_PORT> -j DROP

Disable Unnecessary Services

all

Disable PAPI service if not required for operations.

Check Aruba documentation for service disable commands specific to your AP model

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate access points from untrusted networks
  • Deploy intrusion detection systems to monitor for PAPI exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version against affected versions in ARUBA-PSA-2024-006 advisory

Check Version:

show version (via Aruba AP CLI)

Verify Fix Applied:

Confirm firmware version is updated to patched version specified in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file deletion events in system logs
  • PAPI service access from unauthorized sources

Network Indicators:

  • Unusual PAPI protocol traffic patterns
  • Multiple file deletion requests via PAPI

SIEM Query:

source="aruba_ap_logs" AND (event_type="file_deletion" OR protocol="PAPI")

📊 Metadata

CVE ID: CVE-2024-31475
CVSS v3 Score: 8.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CWE: CWE-463
Published: May 14, 2024
Last Updated: June 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-31475, you might also want to check these:

CVE-2024-13318 5.3

The Essential WP Real Estate plugin for WordPress has a vulnerability that allows unauthenticated at...

Same vulnerability type (CWE-463)