CVE-2016-8527

Name of the Vulnerable Software and Affected Versions Aruba Airwave versions up to, but not including, 8.2.3.1

Description The issue is related to a reflected cross-site scripting (XSS) vulnerability present in the VisualRF component. This vulnerability can be exploited by an attacker who tricks a logged-in administrative user into clicking a malicious link, potentially allowing the attacker to obtain sensitive information such as session cookies or passwords. The exploitation requires the administrative user to click on the link while logged into Airwave in the same browser.

Recommendations For versions up to, but not including, 8.2.3.1, update to version 8.2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the VisualRF component to minimize the risk of exploitation. Avoid clicking on suspicious links while logged into Airwave to prevent potential attacks.