MEDIUM · 5.4

CVE-2023-22791

Vulnerability Description

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

CVSS Score

5.4

MEDIUM

Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: LOW
Availability: NONE

Affected Products

Vendor | Product | Versions
Arubanetworks | Arubaos | >= 10.3.0.0, <= 10.3.1.0
Hp | Instantos | >= 6.4.0.0, <= 6.4.4.8-4.2.4.20

References

FAQ

What is CVE-2023-22791?

CVE-2023-22791 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials ...

How severe is CVE-2023-22791?

CVE-2023-22791 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2023-22791?

Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Arubaos, Hp Instantos.