CVE-2023-38401

🗓️ 15 Aug 2023 18:16:47Reported by hpeType

A vulnerability in HPE Aruba Networking VIA client allows local users to elevate privileges

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the HPE Aruba Networking Virtual Intranet Access Client (VIA) VPN service, related to deficiencies in access control, allows a hacker to gain access to the interface and execute arbitrary commands with root privileges.	28 Sep 202300:00	–	bdu_fstec
Circl	CVE-2023-38401	19 Aug 202313:29	–	circl
CNNVD	HPE Aruba Networking Virtual Intranet Access 安全漏洞	15 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-38401 Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client	15 Aug 202318:16	–	cvelist
EUVD	EUVD-2023-42218	3 Oct 202520:07	–	euvd
NVD	CVE-2023-38401	15 Aug 202319:15	–	nvd
Prion	Design/Logic Flaw	15 Aug 202319:15	–	prion
Vulnrichment	CVE-2023-38401 Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client	15 Aug 202318:16	–	vulnrichment

NVD

Node

hp aruba_virtual_intranet_accessRange<4.5.0

AND

microsoft windowsMatch-

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "HPE Aruba Networking Virtual Intranet Access (VIA)",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "<=4.5.0",
        "status": "affected",
        "version": "HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt

21 Nov 2024 08:13Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.8

EPSS0.00117

SSVC