CVE-2023-22791
CVE-2023-22791 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.
Metrics
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Aruba Networks | ArubaOS | >= 10.3.0.0, <= 10.3.1.0 |
| HP | InstantOS | >= 6.4.0.0, <= 6.4.4.8-4.2.4.20 |
| HP | InstantOS | >= 6.5.0.0, <= 6.5.4.23 |
| HP | InstantOS | >= 8.4.0.0, < 8.6.0.0 |
| HP | InstantOS | >= 8.6.0.0, <= 8.6.0.19 |
| HP | InstantOS | >= 8.7.0.0, <= 8.9.0.0 |
| HP | InstantOS | >= 8.10.0.0, <= 8.10.0.4 |
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
