CVE-2024-26305
Published: 01 May 2024
Summary
CVE-2024-26305 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Arubanetworks (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 7.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-26305 is a stack-based buffer overflow in the Utility daemon of Aruba networking devices. The flaw resides in the handling of Aruba's PAPI management protocol and can be triggered over UDP port 8211, allowing unauthenticated remote code execution with privileged operating-system rights.
An attacker with network reachability to the PAPI port can send specially crafted packets that overflow the buffer and execute arbitrary code without authentication or user interaction. Successful exploitation grants full control of the underlying operating system on affected access points and controllers.
Aruba published advisory ARUBA-PSA-2024-004 describing the issue and directing customers to available software updates.
EPSS for the CVE rose from low values after disclosure to a peak of 0.1645 in December 2025 before receding to the current 0.0799, indicating a period of increased exploitation interest that later subsided.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-23576
Vulnerability details
There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this…
more
vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.