CVE-2023-22791

low-risk
Published 2023-05-08

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

Do I need to act?

-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
ADJACENT_NETWORK / HIGH complexity

Affected Products (2)

Affected Vendors

Hp Arubanetworks

References (2)

Vendor Advisory https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt
Vendor Advisory https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt
22
/ 100
low-risk
Severity 14/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low