5.4

CVE-2023-22791

Warning

EPSS 0.13%
Published 08.05.2023 15:15:10
Last modified 21.11.2024 07:45:26
Source security-alert@hpe.com
Teams watchlist Login
Open Login

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

Affected products Warnungen 1 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Arubanetworks ≫ Arubaos Version >= 10.3.0.0 <= 10.3.1.0

Hp ≫ Instantos Version >= 6.4.0.0 <= 6.4.4.8-4.2.4.20

Hp ≫ Instantos Version >= 6.5.0.0 <= 6.5.4.23

Hp ≫ Instantos Version >= 8.4.0.0 < 8.6.0.0

Hp ≫ Instantos Version >= 8.6.0.0 <= 8.6.0.19

Hp ≫ Instantos Version >= 8.7.0.0 <= 8.9.0.0

Hp ≫ Instantos Version >= 8.10.0.0 <= 8.10.0.4

10.05.2023: CERT.at Warnung

https://www.cert.at/de/warnungen/2023/5/kritische-sicherheitslucken-in-arubaos-und-aruba-instantos-updates-verfugbar

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.344

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.8	1.2	3.6	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
security-alert@hpe.com	5.4	1.2	4.2	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-22791

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22791

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22791

EUVD