CVE-2018-7064

Name of the Vulnerable Software and Affected Versions Aruba Instant versions prior to 4.2.4.12 Aruba Instant versions prior to 6.5.4.11 Aruba Instant versions prior to 8.3.0.6 Aruba Instant versions prior to 8.4.0.0 SCALANCE (affected versions not specified)

Description A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface, allowing an attacker to trick an administrator into clicking a link that could take administrative actions or expose the session cookie. The vulnerability is related to insufficient protection of the web page structure.

Recommendations For Aruba Instant versions prior to 4.2.4.12, update to version 4.2.4.12 or later. For Aruba Instant versions prior to 6.5.4.11, update to version 6.5.4.11 or later. For Aruba Instant versions prior to 8.3.0.6, update to version 8.3.0.6 or later. For Aruba Instant versions prior to 8.4.0.0, update to version 8.4.0.0 or later. As a temporary workaround, administrators should log out of the Aruba Instant UI when not actively managing the system and use caution when clicking links from external sources while logged into the IAP administrative interface. At the moment, there is no information about a newer version that contains a fix for the SCALANCE vulnerability.