CVE-2022-37895Arubaos vulnerability

3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.6%
top 31.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosArubanetworks Instant
Timeline
PublishedOct 7
Latest updateOct 8

Description

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDarubanetworks/arubaos10.3.0.010.3.1.1
NVDarubanetworks/instant6.4.0.06.4.4.8-4.2.4.21+4

🔴Vulnerability Details

2
GHSA
GHSA-9jcf-jh46-9428: An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 102022-10-08
CVEList
CVE-2022-37895: An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 102022-10-07
CVE-2022-37895 — Arubanetworks Arubaos vulnerability | cvebase