CVE-2023-22791

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::

History

12 May 2023, 16:02

Type	Values Removed	Values Added
References	~~(MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt -~~	(MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt - Vendor Advisory
First Time		Hp Arubanetworks Hp instantos Arubanetworks arubaos
CPE		cpe:2.3:o:arubanetworks:arubaos:::::::: cpe:2.3:o:hp:instantos::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.8
CWE		NVD-CWE-noinfo

08 May 2023, 16:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-08 15:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-22791

Mitre link : CVE-2023-22791

CVE.ORG link : CVE-2023-22791

JSON object : View

Products Affected

arubanetworks

arubaos

hp

instantos

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-22791", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.2}]}, "published": "2023-05-08T15:15:10.647", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in Aruba InstantOS and ArubaOS 10\u00a0where an edge-case combination of network configuration, a\u00a0specific WLAN environment and an attacker already possessing\u00a0valid user credentials on that WLAN can lead to sensitive\u00a0information being disclosed via the WLAN. The scenarios in\u00a0which this disclosure of potentially sensitive information\u00a0can occur are complex and depend on factors that are beyond\u00a0the control of the attacker."}], "lastModified": "2023-05-12T16:02:10.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9226A2A-7048-4300-AC20-7629AA05E9D9", "versionEndIncluding": "10.3.1.0", "versionStartIncluding": "10.3.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93F7D378-2A4F-4A5B-BF1D-3AF38B61C626", "versionEndIncluding": "6.4.4.8-4.2.4.20", "versionStartIncluding": "6.4.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "286BD7C8-D7AB-4DEB-AF86-08E246230A50", "versionEndIncluding": "6.5.4.23", "versionStartIncluding": "6.5.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F892CBE-3BFF-49F6-9101-171C5A4C1503", "versionEndExcluding": "8.6.0.0", "versionStartIncluding": "8.4.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D7E179A-F8E7-49E3-9049-FE8AD39EB0DF", "versionEndIncluding": "8.6.0.19", "versionStartIncluding": "8.6.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3A8FE10-DA46-43BF-9713-A844CC935AD9", "versionEndIncluding": "8.9.0.0", "versionStartIncluding": "8.7.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1F4CC3E-1DBE-405D-869D-21499960C11B", "versionEndIncluding": "8.10.0.4", "versionStartIncluding": "8.10.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}