CVE-2024-25616

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
hpeCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
arubanetworksarubaos
8.10.0.0 ≤
𝑥
< 8.10.0.10
arubanetworksarubaos
8.11.0.0 ≤
𝑥
< 8.11.2.1
arubanetworksarubaos
10.4.0.0 ≤
𝑥
< 10.4.1.0
arubanetworksarubaos
10.5.0.0 ≤
𝑥
< 10.5.1.0
𝑥
= Vulnerable software versions
References
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt