PT-2022-6397 · Aruba · ArubaOS 10 +1

Published 2022-08-11 · Updated 2022-11-09

CVE-2022-37892

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Aruba InstantOS versions 6.4.4.8 through 6.4.4.20 and below
Aruba InstantOS versions 6.5.4.23 and below
Aruba InstantOS versions 8.6.0.18 and below
Aruba InstantOS versions 8.7.1.9 and below
Aruba InstantOS versions 8.10.0.1 and below
ArubaOS 10 versions 10.3.1.0 and below

Description

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.

Recommendations

For Aruba InstantOS versions 6.4.4.8 through 6.4.4.20 and below, upgrade to a version above 6.4.4.20.
For Aruba InstantOS versions 6.5.4.23 and below, upgrade to a version above 6.5.4.23.
For Aruba InstantOS versions 8.6.0.18 and below, upgrade to a version above 8.6.0.18.
For Aruba InstantOS versions 8.7.1.9 and below, upgrade to a version above 8.7.1.9.
For Aruba InstantOS versions 8.10.0.1 and below, upgrade to a version above 8.10.0.1.
For ArubaOS 10 versions 10.3.1.0 and below, upgrade to a version above 10.3.1.0.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-01156
CVE-2022-37892

Affected Products

Aruba Instant
ArubaOS 10