CVE-2024-33516

5.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L: network-reachable, no privileges or user interaction, availability impact only)

📋 TL;DR

An unauthenticated denial-of-service (DoS) vulnerability exists in the Auth service of ArubaOS, reachable through PAPI, Aruba's proprietary management protocol carried over UDP port 8211. A remote attacker who can deliver PAPI datagrams to a controller can interrupt the normal operation of the Auth service without any credentials. The rating is availability-only (no confidentiality or integrity loss), but the Auth service is what admits wireless clients, so the practical effect is that users stop being able to join the network. Any organization running affected ArubaOS builds on Aruba controllers or gateways is impacted.

💻 Affected Systems

Products:
  • HPE Aruba Networking Mobility Conductors, Mobility Controllers and AOS-10 gateways
  • ArubaOS (the controller/gateway operating system)
Versions: 10.5.x.x, 10.4.x.x, 8.11.x.x and 8.10.x.x builds below the fixed releases named in ARUBA-PSA-2024-004; every build of the end-of-life 10.3.x.x, 8.9.x.x, 8.8.x.x, 8.7.x.x and 8.6.x.x branches
Operating Systems: ArubaOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any controller or gateway on an affected build that can be reached on UDP/8211 is exposed. PAPI is enabled by default because access points and peer controllers depend on it, so there is no safe way to simply turn it off; exposure is governed by which networks can reach the port.

📦 What is this software?

ArubaOS is the operating system of HPE Aruba Networking's Mobility Conductors, Mobility Controllers and AOS-10 gateways. These devices terminate tunnels from Aruba access points and run the Auth service, the process that performs client authentication (802.1X, MAC authentication, captive portal) and role assignment for wireless and wired users. PAPI is Aruba's proprietary control protocol, carried over UDP port 8211, that controllers, access points and internal processes use to exchange management messages. Because the Auth service accepts PAPI messages from the network, a flaw in its message handling is reachable by anyone who can send UDP/8211 traffic to the controller, which is why this issue is unauthenticated.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained loss of the Auth service on the controller: no new client can authenticate, and in deployments where the affected controller terminates all access points the wireless network is effectively down until the attacker stops or the traffic is blocked.

🟠

Likely Case

The Auth service crashes or hangs and is restarted by the controller's process supervisor; client authentication fails for the duration, already-associated clients may be dropped on re-authentication, and an attacker who keeps sending traffic keeps the service down. A full controller reboot is usually not required, but may be chosen operationally to clear the condition.

🟢

If Mitigated

Minimal impact if UDP/8211 to the controller is reachable only from access-point subnets, peer controllers and the management network; an attacker would first need a foothold on one of those segments.

🌐 Internet-Facing: HIGH - A controller whose UDP/8211 port is reachable from the internet can be taken down by any remote attacker without credentials. Controllers should never expose PAPI to the internet, regardless of patch level.
🏢 Internal Only: MEDIUM - Any internal host, or malware on one, that can reach UDP/8211 on the controller (for example a workstation on a VLAN that is not filtered from the controller subnet) can disrupt wireless service for the site.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No public proof of concept is known for this CVE, but the preconditions are minimal: UDP reachability to port 8211 on the controller and no credentials. PAPI is a stateless UDP protocol, so the attacking packets can also be sent with a spoofed source address, which complicates attribution and allowlist-based blocking at the controller itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ArubaOS 10.5.1.1, 10.4.1.1, 8.11.2.2 and 8.10.0.11 or later on the supported branches, per ARUBA-PSA-2024-004 (confirm the exact build numbers against the advisory before upgrading). The 10.3.x.x, 8.9.x.x, 8.8.x.x, 8.7.x.x and 8.6.x.x branches are end of life and receive no fix; controllers on them must be moved to a supported branch.

Vendor Advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt

Restart Required: Yes

Instructions:

1. Download the fixed build for your branch from the HPE Aruba Networking Support Portal and check its hash against the value published there before staging it.
2. Back up the running configuration: on the controller CLI `backup flash` writes flashbackup.tar.gz, which you should copy off the device with `copy flash: flashbackup.tar.gz tftp:` or the scp equivalent.
3. Respect the upgrade order for your architecture: in an ArubaOS 8.x deployment upgrade the Mobility Conductor before its managed controllers; AOS-10 gateways are upgraded from Aruba Central rather than from the device CLI.
4. Copy the image to the non-active partition (for example `copy tftp: <server> <image-file> system: partition 1`) and reboot with `reload`.
5. Confirm the running build with `show version` and `show image version`, then test the Auth service end to end by authenticating a client through 802.1X or the captive portal.

🔧 Temporary Workarounds

Restrict PAPI Protocol Access

Applies to: all affected versions

Limit UDP/8211 to the hosts that legitimately speak PAPI to the controller: access-point subnets, peer controllers and the Mobility Conductor, and the management network. Block it from user and guest VLANs, from the internet, and from any segment that does not host Aruba infrastructure. PAPI cannot be blocked outright because access points lose their controller without it, so build the allowlist from the controller inventory and the AP list (`show ap database` on the controller) before enforcing the rule.

Apply the restriction on the firewalls and routers between those segments and the controller. Rules on the controller itself help against stray internal hosts but do not help against spoofed UDP sources, since PAPI is connectionless; upstream anti-spoofing (unicast RPF or ingress filtering) closes that gap.

🧯 If You Can't Patch

  • Segment controllers and gateways so that only AP, peer-controller and management networks can reach them on UDP/8211; treat any other path to the port as a finding in its own right
  • Baseline normal PAPI volume per source (APs and peers generate constant, predictable traffic) and alert on new sources or on rates well above that baseline; rate limiting UDP/8211 on upstream devices blunts a flood but must leave headroom for legitimate AP traffic
  • Check the vendor advisory for a configuration-level workaround (for example the Enhanced PAPI Security feature) and whether it is stated to apply to this CVE before relying on it

🔍 How to Verify

Check if Vulnerable:

Run `show version` on the controller CLI (or read the version from the Mobility Conductor or Aruba Central inventory) and compare the four-part build number against the affected ranges above. Note the branch as well as the build: a 10.3.x.x or 8.9.x.x controller is affected at every build, while a 10.5.x.x controller is affected only below the fixed release.

Check Version:

show version

Verify Fix Applied:

Confirm that `show version` and `show image version` report a build at or above the fixed release for the branch, that the controller actually rebooted into the new partition, and that the Auth service is healthy: `show process monitor statistics` should show the auth process running without recent restarts, and a test client should complete 802.1X or captive-portal authentication.
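The version comparison above is easy to get wrong by hand (a plain string compare puts 8.10.0.9 after 8.10.0.11, and an end-of-life branch has no fixed build at all). The following script is an added example, not part of the original page or of any HPE Aruba tooling: it parses the version line from `show version` output and classifies the build per branch. The fixed-build table is filled from ARUBA-PSA-2024-004 as read by the editor and is an assumption to verify against the advisory; the sample `show version` text is constructed for the example.

```python
"""Classify an ArubaOS build as affected/fixed for CVE-2024-33516 from `show version` output."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, int]

# First fixed build per supported branch, per ARUBA-PSA-2024-004.
# ASSUMPTION: verify these numbers against the advisory before relying on the result.
FIRST_FIXED: Dict[Tuple[int, int], Version] = {
    (10, 5): (10, 5, 1, 1),
    (10, 4): (10, 4, 1, 1),
    (8, 11): (8, 11, 2, 2),
    (8, 10): (8, 10, 0, 11),
}

# Branches the advisory lists as end of life: every build is affected and no fix is published.
EOL_BRANCHES = {(10, 3), (8, 9), (8, 8), (8, 7), (8, 6)}

# The version line in `show version` looks like "ArubaOS (MODEL: Aruba7210), Version 8.10.0.9".
VERSION_RE = re.compile(r"\bVersion\s+(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample output (not captured from a real device).
SAMPLE_SHOW_VERSION = """\
Aruba Operating System Software.
ArubaOS (MODEL: Aruba7210), Version 8.10.0.9
Website: http://www.arubanetworks.com
Compiled on 2023-08-15 at 12:00:00 UTC (build 87221) by p4build
ROM: System Bootstrap, Version CPBoot 1.0.0.0
"""


def parse_version(show_version_output: str) -> Optional[Version]:
    """Return the four-part build number, or None if no version line is present."""
    m = VERSION_RE.search(show_version_output)
    if not m:
        return None
    major, minor, patch, build = (int(x) for x in m.groups())
    return (major, minor, patch, build)


def assess(version: Version) -> str:
    """Compare a build against the per-branch fixed release using numeric tuple ordering."""
    branch = version[:2]
    if branch in EOL_BRANCHES:
        return "affected: end-of-life branch, no fix published; move to a supported branch"
    fixed = FIRST_FIXED.get(branch)
    if fixed is None:
        return "unknown branch: not listed here, check ARUBA-PSA-2024-004 manually"
    if version >= fixed:  # tuple comparison, so (8,10,0,9) < (8,10,0,11) as intended
        return "fixed"
    return "affected: upgrade to %s or later" % ".".join(str(n) for n in fixed)


def assess_output(show_version_output: str) -> str:
    """Convenience wrapper: classify straight from captured `show version` text."""
    version = parse_version(show_version_output)
    if version is None:
        return "unknown: no 'Version a.b.c.d' line found in the output"
    return assess(version)


if __name__ == "__main__":
    print(parse_version(SAMPLE_SHOW_VERSION), "->", assess_output(SAMPLE_SHOW_VERSION))
```

Feed it the saved output of `show version` from each controller (or the version column exported from the conductor or Aruba Central inventory) and triage the fleet in one pass; the "unknown branch" result is deliberate so that a build on a branch not in the table is never silently reported as fixed.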

📡 Detection & Monitoring

Log Indicators:

  • Bursts of client authentication failures or timeouts (802.1X, MAC auth, captive portal) clustered in time across many users and access points
  • Process-restart messages for the auth process in `show log system`, and a rising restart count for auth in `show process monitor statistics`
  • PAPI messages from sources that are not known access points, peer controllers or the conductor, or malformed PAPI messages logged by the controller

Network Indicators:

  • UDP traffic to port 8211 on a controller or gateway from any address outside the AP, peer-controller and management allowlist
  • A per-source rate of UDP/8211 datagrams to the controller well above the baseline that APs and peers normally produce, or a single new source appearing at high volume
  • UDP/8211 arriving at the controller from the internet or from a user VLAN, which should be impossible if the workaround above is in place

SIEM Query:

proto:udp AND dest_port:8211 AND dest_ip:<controller_or_gateway_ips> AND NOT src_ip:<ap_peer_and_mgmt_subnets>

Pseudo-query; map the field names to your SIEM's flow or firewall schema. Run a second, rate-based version of it (count of matching events per src_ip per minute above your measured baseline) to catch floods from an allowlisted segment.
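The two detections the query expresses, an unexpected PAPI source and an excessive rate from any source, are straightforward to run over exported flow or firewall logs before a SIEM rule exists. The script below is an added example, not part of the original page or of any HPE Aruba tooling; it assumes a simple whitespace-separated "timestamp src dst proto dport" line format, a controller address of 10.0.0.10, AP and management subnets of 10.10.0.0/16 and 10.0.0.0/24, and a threshold of 200 datagrams per source per minute, all of which are constructed for the example and must be replaced with your own inventory and baseline.

```python
"""Flag unexpected or high-rate UDP/8211 (PAPI) sources toward a controller in flow-log lines."""
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Optional, Tuple

# ASSUMED inventory for the example: replace with your controllers, AP subnets, peers and mgmt nets.
CONTROLLERS = {"10.0.0.10"}
EXPECTED_PAPI_PEERS = [ip_network("10.10.0.0/16"), ip_network("10.0.0.0/24")]
RATE_THRESHOLD = 200  # datagrams per source per 60 s window; tune from a measured baseline

# Line format assumed for the example: "<ISO-8601 ts> <src> <dst> <udp|tcp> <dport>".
FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(udp|tcp)\s+(\d+)$")

# Constructed sample flows (not real controller or firewall logs).
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 10.10.4.21 10.0.0.10 udp 8211
2024-05-01T10:00:02Z 10.10.4.22 10.0.0.10 udp 8211
2024-05-01T10:00:03Z 192.0.2.77 10.0.0.10 udp 8211
2024-05-01T10:00:03Z 10.10.4.21 10.0.0.10 udp 8211
2024-05-01T10:00:04Z 10.10.4.21 10.0.0.10 tcp 443
2024-05-01T10:00:05Z 10.10.4.21 10.0.0.99 udp 8211
"""


def sample_flows() -> List[str]:
    """The hand-written lines plus a constructed 250-datagram burst from one AP-subnet host."""
    lines = SAMPLE_FLOWS.splitlines()
    burst = ["2024-05-01T10:00:30Z 10.10.4.50 10.0.0.10 udp 8211"] * 250
    return lines + burst


def parse_flow(line: str) -> Optional[Tuple[datetime, str, str, str, int]]:
    """Return (timestamp, src, dst, proto, dport) or None for lines that do not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, proto, dport = m.groups()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, dst, proto, int(dport)


def detect_papi_anomalies(
    lines: Iterable[str],
    controllers=CONTROLLERS,
    peers=EXPECTED_PAPI_PEERS,
    threshold: int = RATE_THRESHOLD,
) -> Dict[str, List[str]]:
    """Map each suspicious source address to the sorted list of reasons it was flagged."""
    per_window: Counter = Counter()
    findings: Dict[str, set] = {}
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        ts, src, dst, proto, dport = rec
        # Only UDP/8211 aimed at a controller is PAPI of interest; everything else is ignored.
        if proto != "udp" or dport != 8211 or dst not in controllers:
            continue
        if not any(ip_address(src) in net for net in peers):
            findings.setdefault(src, set()).add("unexpected PAPI source")
        window = ts.replace(second=0, microsecond=0)  # one-minute buckets
        per_window[(window, src)] += 1
        if per_window[(window, src)] > threshold:
            findings.setdefault(src, set()).add("PAPI rate above threshold")
    return {src: sorted(reasons) for src, reasons in findings.items()}


if __name__ == "__main__":
    for src, reasons in sorted(detect_papi_anomalies(sample_flows()).items()):
        print(src, ", ".join(reasons))
```

The allowlist check matters more than the rate check: access points generate constant PAPI, so a rate rule alone either fires on every busy site or is set so high that a slow stream of malformed messages never trips it. Keep the allowlist current from the AP inventory, and remember that a spoofed source address can impersonate an allowlisted AP, which is why the detection complements, rather than replaces, ingress anti-spoofing.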

🔗 References

  • HPE Aruba Networking security advisory ARUBA-PSA-2024-004: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt
  • NVD entry for CVE-2024-33516: https://nvd.nist.gov/vuln/detail/CVE-2024-33516