CVE-2024-31480

CVSS v3.1 5.3 (Medium)
EPSS 0.04 % (12th)

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.

Base Severity
Medium
Base Score
5.3
Impact Score
1.4
Exploitability Score
3.9
Metrics
Attack Vector (AV) Network
Attack Complexity (AC) Low
Privileges Required (PR) None
User Interaction (UI) None
Scope (S) Unchanged
Confidentiality (C) None
Integrity (I) None
Availability (A) Low

Weaknesses

# ID Name
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OWASP

# ID Name
A03:2021 Injection

CAPEC - Common Attack Pattern Enumeration and Classification

# ID Name Weakness
CAPEC-6 Argument Injection CWE-78
CAPEC-15 Command Delimiters CWE-78
CAPEC-43 Exploiting Multiple Input Interpretation Layers CWE-78
CAPEC-88 OS Command Injection CWE-78
CAPEC-108 Command Line Execution through SQL Injection CWE-78
Awaiting Analysis
CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
Hewlett Packard Enterprise (HPE)
Published Date
2024-05-14 23:15:12
(8 months ago)
Updated Date
2024-11-21 09:13:36
(2 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...