PT-2022-24129 · Aruba · Arubaos 10+1
Published
2022-10-07
·
Updated
2022-11-09
·
CVE-2022-37895
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below
Aruba InstantOS versions 6.5.4.23 and below
Aruba InstantOS versions 8.6.0.18 and below
Aruba InstantOS versions 8.7.1.9 and below
Aruba InstantOS versions 8.10.0.1 and below
ArubaOS 10 versions 10.3.1.0 and below
Description
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP.
Recommendations
For Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below, upgrade to a version above 4.2.4.20.
For Aruba InstantOS versions 6.5.4.23 and below, upgrade to a version above 6.5.4.23.
For Aruba InstantOS versions 8.6.0.18 and below, upgrade to a version above 8.6.0.18.
For Aruba InstantOS versions 8.7.1.9 and below, upgrade to a version above 8.7.1.9.
For Aruba InstantOS versions 8.10.0.1 and below, upgrade to a version above 8.10.0.1.
For ArubaOS 10 versions 10.3.1.0 and below, upgrade to a version above 10.3.1.0.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Aruba Instant
Arubaos 10