CVE-2023-22787 — HP Instantos vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 51.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Instantos Arubanetworks Arubaos Hewlett Packard Enterprise Aruba Access Points Running Instantos AND Arubaos 10

Timeline

PublishedMay 8

Latest updateJul 6

Description

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5hewlett_packard_enterprise/aruba_access_points_running_instantos_and_arubaos_106 versions+5

▶NVDarubanetworks/arubaos10.3.0.0 — 10.3.1.0

▶NVDhp/instantos8.4.0.0 — 8.6.0.0+5

🔴Vulnerability Details

GHSA

GHSA-gff5-qf5f-9qw3: An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10↗2023-07-06

▶

CVEList

Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol↗2023-05-08

▶