Lucene search

K
cve[email protected]CVE-2023-22791
HistoryMay 08, 2023 - 3:15 p.m.

CVE-2023-22791

2023-05-0815:15:10
web.nvd.nist.gov
17
cve-2023-22791
aruba
instantos
arubaos 10
vulnerability
wlan
information disclosure

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

Affected configurations

NVD
Node
arubanetworksarubaosRange10.3.0.010.3.1.0
OR
hpinstantosRange6.4.0.06.4.4.8-4.2.4.20
OR
hpinstantosRange6.5.0.06.5.4.23
OR
hpinstantosRange8.4.0.08.6.0.0
OR
hpinstantosRange8.6.0.08.6.0.19
OR
hpinstantosRange8.7.0.08.9.0.0
OR
hpinstantosRange8.10.0.08.10.0.4

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Aruba Access Points running InstantOS and ArubaOS 10",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
      },
      {
        "status": "affected",
        "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
      },
      {
        "status": "affected",
        "version": "Aruba InstantOS 8.6.x:  8.6.0.19 and below"
      },
      {
        "status": "affected",
        "version": "Aruba InstantOS 8.10.x: 8.10.0.4 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 10.3.x:         10.3.1.0 and below"
      },
      {
        "status": "affected",
        "version": "See reference document for further details"
      }
    ]
  }
]

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

Related for CVE-2023-22791