CVE-2024-25616 — Arubaos vulnerability

3 documents3 sources

Severity

3.7LOWNVD

EPSS

0.1%

top 75.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos Hewlett Packard Enterprise Arubaos Wi-fi Controllers AND Campus Remote Access Points

Timeline

PublishedMar 5

Description

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise/arubaos_wi-fi_controllers_and_campus_remote_access_points4 versions+3

▶NVDarubanetworks/arubaos8.10.0.0 — 8.10.0.10+3

🔴Vulnerability Details

CVEList

CVE-2024-25616: Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation proces↗2024-03-05

▶

GHSA

GHSA-jc62-23v4-pcpq: Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation proces↗2024-03-05

▶