5.4

CVE-2023-22791

Warnung

EPSS 0.13%
Veröffentlicht 08.05.2023 15:15:10
Zuletzt bearbeitet 21.11.2024 07:45:26
Quelle security-alert@hpe.com
Teams Watchlist Login
Unerledigt Login

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arubanetworks ≫ Arubaos Version >= 10.3.0.0 <= 10.3.1.0

Hp ≫ Instantos Version >= 6.4.0.0 <= 6.4.4.8-4.2.4.20

Hp ≫ Instantos Version >= 6.5.0.0 <= 6.5.4.23

Hp ≫ Instantos Version >= 8.4.0.0 < 8.6.0.0

Hp ≫ Instantos Version >= 8.6.0.0 <= 8.6.0.19

Hp ≫ Instantos Version >= 8.7.0.0 <= 8.9.0.0

Hp ≫ Instantos Version >= 8.10.0.0 <= 8.10.0.4

10.05.2023: CERT.at Warnung

https://www.cert.at/de/warnungen/2023/5/kritische-sicherheitslucken-in-arubaos-und-aruba-instantos-updates-verfugbar

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.344

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.2	3.6	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
security-alert@hpe.com	5.4	1.2	4.2	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-22791

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22791

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22791

EUVD