CVE-2022-37909 — Sensitive Information Exposure in Arubaos

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 73.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos Arubanetworks Sd-wan

Timeline

PublishedDec 12

Description

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDarubanetworks/arubaos6.5.4.0 — 6.5.4.22+3

▶NVDarubanetworks/sd-wan8.7.0.0-2.3.0.0 — 8.7.0.0-2.3.0.6

🔴Vulnerability Details

GHSA

GHSA-7724-hcxw-879r: Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs↗2022-12-12

▶

CVEList

CVE-2022-37909: Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs↗2022-11-03

▶