PT-2022-6398 · Aruba · ArubaOS 10
Published: 2022-09-27 · Updated: 2022-11-09 · CVE-2022-37896
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Aruba InstantOS versions 6.4.4.8 through 6.4.4.20 and below
Aruba InstantOS versions 6.5.4.23 and below
Aruba InstantOS versions 8.6.0.18 and below
Aruba InstantOS versions 8.7.1.9 and below
Aruba InstantOS versions 8.10.0.1 and below
ArubaOS 10 versions 10.3.1.0 and below
Description
A vulnerability exists in the web management interface of Aruba InstantOS and ArubaOS 10 because the interface does not preserve the structure of the web pages it generates. A remote attacker could use it to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the victim's browser in the context of the affected interface.
Recommendations
For Aruba InstantOS versions 6.4.4.8 through 6.4.4.20 and below, upgrade to a version above 6.4.4.20.
For Aruba InstantOS versions 6.5.4.23 and below, upgrade to a version above 6.5.4.23.
For Aruba InstantOS versions 8.6.0.18 and below, upgrade to a version above 8.6.0.18.
For Aruba InstantOS versions 8.7.1.9 and below, upgrade to a version above 8.7.1.9.
For Aruba InstantOS versions 8.10.0.1 and below, upgrade to a version above 8.10.0.1.
For ArubaOS 10 versions 10.3.1.0 and below, upgrade to a version above 10.3.1.0.
Fix
XSS
Affected Products
Aruba Instant
ArubaOS 10