PT-2023-5492 · Hewlett Packard · Hpe Aruba Networking Virtual Intranet Access (Via) Client

Will Dormann

Publicado

2023-08-15

Atualizado

2023-08-23

CVE-2023-38401

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE Aruba Networking Virtual Intranet Access (VIA) client (affected versions not specified)

Description A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITYSYSTEM privileges on the operating system. The vulnerability is related to insufficient access control, which could allow an attacker to gain access to the shell and execute arbitrary code with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2023-06138

CVE-2023-38401

Produtos afetados

Hpe Aruba Networking Virtual Intranet Access (Via) Client

PT-2023-5492 · Hewlett Packard · Hpe Aruba Networking Virtual Intranet Access (Via) Client

CVE-2023-38401

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11