CVE-2023-22791

A vulnerability exists in Aruba InstantOS and ArubaOS 10where an edge-case combination of network configuration, aspecific WLAN environment and an attacker already possessingvalid user credentials on that WLAN can lead to sensitiveinformation being disclosed via the WLAN. The scenarios inwhich this disclosure of potentially sensitive informationcan occur are complex and depend on factors that are beyondthe control of the attacker.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
hpeCNA
5.4 MEDIUM
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
arubanetworksarubaos
10.3.0.0 ≤
𝑥
≤ 10.3.1.0
hpinstantos
6.4.0.0 ≤
𝑥
≤ 6.4.4.8-4.2.4.20
hpinstantos
6.5.0.0 ≤
𝑥
≤ 6.5.4.23
hpinstantos
8.4.0.0 ≤
𝑥
< 8.6.0.0
hpinstantos
8.6.0.0 ≤
𝑥
≤ 8.6.0.19
hpinstantos
8.7.0.0 ≤
𝑥
≤ 8.9.0.0
hpinstantos
8.10.0.0 ≤
𝑥
≤ 8.10.0.4
𝑥
= Vulnerable software versions
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt