CVE-2024-25616

EUVD-2024-22938
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
hpeCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
arubanetworksarubaos
8.10.0.0 ≤
𝑥
< 8.10.0.10
arubanetworksarubaos
8.11.0.0 ≤
𝑥
< 8.11.2.1
arubanetworksarubaos
10.4.0.0 ≤
𝑥
< 10.4.1.0
arubanetworksarubaos
10.5.0.0 ≤
𝑥
< 10.5.1.0
𝑥
= Vulnerable software versions
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt