CVE-2023-22791 — HP Instantos vulnerability

3 documents3 sources

Severity

4.8MEDIUMNVD

CNA5.4

EPSS

0.2%

top 62.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Instantos Arubanetworks Arubaos Hewlett Packard Enterprise Aruba Access Points Running Instantos AND Arubaos 10

Timeline

PublishedMay 8

Latest updateJul 6

Description

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

▶NVDarubanetworks/arubaos10.3.0.0 — 10.3.1.0

▶CVEListV5hewlett_packard_enterprise/aruba_access_points_running_instantos_and_arubaos_106 versions+5

▶NVDhp/instantos8.4.0.0 — 8.6.0.0+5

🔴Vulnerability Details

GHSA

GHSA-53fc-f6r2-6m2h: A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an a↗2023-07-06

▶

CVEList

Aruba InstantOS and ArubaOS 10 Sensitive Information Disclosure↗2023-05-08

▶