CVE-2024-31482

CVSS v3.1 5.3 (Medium)
EPSS 0.04 % (12th)

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.

Base Severity
Medium
Base Score
5.3
Impact Score
1.4
Exploitability Score
3.9
Metrics
Attack Vector (AV) Network
Attack Complexity (AC) Low
Privileges Required (PR) None
User Interaction (UI) None
Scope (S) Unchanged
Confidentiality (C) None
Integrity (I) None
Availability (A) Low

Weaknesses

# ID Name
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OWASP

# ID Name
A03:2021 Injection

CAPEC - Common Attack Pattern Enumeration and Classification

# ID Name Weakness
CAPEC-6 Argument Injection CWE-78
CAPEC-15 Command Delimiters CWE-78
CAPEC-43 Exploiting Multiple Input Interpretation Layers CWE-78
CAPEC-88 OS Command Injection CWE-78
CAPEC-108 Command Line Execution through SQL Injection CWE-78
Awaiting Analysis
CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
Hewlett Packard Enterprise (HPE)
Published Date
2024-05-14 23:15:12
(8 months ago)
Updated Date
2024-11-21 09:13:37
(2 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...