CVE-2016-8527

high-risk
Published 2018-08-06

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.

Do I need to act?

!
61.8% chance of exploitation in next 30 days
EPSS score — higher than 38% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
41482
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Hp

References (6)

Vendor Advisory http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-001.txt
Third Party Advisory http://www.securityfocus.com/bid/96495
Exploit https://www.exploit-db.com/exploits/41482/
Vendor Advisory http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-001.txt
Third Party Advisory http://www.securityfocus.com/bid/96495
Exploit https://www.exploit-db.com/exploits/41482/
54
/ 100
high-risk
Severity 23/34 · High
Exploitability 26/34 · High
Exposure 5/34 · Minimal