The vulnerability of the HPE Aruba Networking Virtual Intranet Access Client (VIA) VPN service, related to deficiencies in access control, allows a hacker to gain access to the interface and execute arbitrary commands with root privileges.

🗓️ 28 Sep 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

HPE Aruba VIA VPN access control flaws allow interface access and root command execution.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2023-38401	19 Aug 202313:29	–	circl
CNNVD	HPE Aruba Networking Virtual Intranet Access 安全漏洞	15 Aug 202300:00	–	cnnvd
CVE	CVE-2023-38401	15 Aug 202318:16	–	cve
Cvelist	CVE-2023-38401 Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client	15 Aug 202318:16	–	cvelist
EUVD	EUVD-2023-42218	3 Oct 202520:07	–	euvd
NVD	CVE-2023-38401	15 Aug 202319:15	–	nvd
Prion	Design/Logic Flaw	15 Aug 202319:15	–	prion
Vulnrichment	CVE-2023-38401 Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client	15 Aug 202318:16	–	vulnrichment

Vulners

Node

hp hpe_aruba_networking_virtual_intranet_access_client_(via)Range<4.5.0

Source	Link
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2023081552
web	www.web.nvd.nist.gov/view/vuln/detail
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-PSA-2023-011.txt

28 Sep 2023 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 26.8

CVSS 37.8

EPSS0.00215

aruba networking virtual intranet access access control flaw root privileges interface access