PT-2022-24128 · Aruba · Arubaos 10+1
Published
2022-10-07
·
Updated
2022-11-09
·
CVE-2022-37894
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below
Aruba InstantOS versions 6.5.4.23 and below
Aruba InstantOS versions 8.6.0.18 and below
Aruba InstantOS versions 8.7.1.9 and below
Aruba InstantOS versions 8.10.0.1 and below
ArubaOS 10 versions 10.3.1.0 and below
Description
An unauthenticated Denial of Service (DoS) issue exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this issue results in the ability to interrupt the normal operation of the affected access point.
Recommendations
For Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below, update to a version above 4.2.4.20.
For Aruba InstantOS versions 6.5.4.23 and below, update to a version above 6.5.4.23.
For Aruba InstantOS versions 8.6.0.18 and below, update to a version above 8.6.0.18.
For Aruba InstantOS versions 8.7.1.9 and below, update to a version above 8.7.1.9.
For Aruba InstantOS versions 8.10.0.1 and below, update to a version above 8.10.0.1.
For ArubaOS 10 versions 10.3.1.0 and below, update to a version above 10.3.1.0.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Aruba Instant
Arubaos 10