Lucene search

[email protected]NVD:CVE-2023-22791

HistoryMay 08, 2023 - 3:15 p.m.

CVE-2023-22791

2023-05-0815:15:10

[email protected]

web.nvd.nist.gov

cve-2023-22791

vulnerability

aruba instantos

arubaos 10

sensitive information

wlan

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

Affected configurations

NVD

Node

arubanetworksarubaosRange10.3.0.0–10.3.1.0

hpinstantosRange6.4.0.0–6.4.4.8-4.2.4.20

hpinstantosRange6.5.0.0–6.5.4.23

hpinstantosRange8.4.0.0–8.6.0.0

hpinstantosRange8.6.0.0–8.6.0.19

hpinstantosRange8.7.0.0–8.9.0.0

hpinstantosRange8.10.0.0–8.10.0.4

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2023-22791

nessus2 prion1 cvelist1 cve1 ics1