Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for aruba_virtual_intranet_access by hp

    CVE-2023-38402 (GCVE-0-2023-38402)

    Vulnerability from nvd – Published: 2023-08-15 18:47 – Updated: 2024-10-03 13:39
    VLAI
    Title
    Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
    Summary
    A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Virtual Intranet Access (VIA) Affected: HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows , ≤ <=4.5.0 (semver)
    Create a notification for this product.
    Credits
    Gee-netics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:39:13.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38402",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T13:38:22.931372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T13:39:07.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "HPE Aruba Networking Virtual Intranet Access (VIA)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=4.5.0",
                  "status": "affected",
                  "version": "HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gee-netics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the HPE Aruba Networking Virtual Intranet\u0026nbsp;Access (VIA) client could allow malicious users to overwrite\u0026nbsp;arbitrary files as NT AUTHORITY\\SYSTEM. A successful\u0026nbsp;exploit could allow these malicious users to create a\u0026nbsp;Denial-of-Service (DoS) condition affecting the Microsoft\u0026nbsp;Windows operating System boot process."
                }
              ],
              "value": "A vulnerability in the HPE Aruba Networking Virtual Intranet\u00a0Access (VIA) client could allow malicious users to overwrite\u00a0arbitrary files as NT AUTHORITY\\SYSTEM. A successful\u00a0exploit could allow these malicious users to create a\u00a0Denial-of-Service (DoS) condition affecting the Microsoft\u00a0Windows operating System boot process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-15T18:47:59.783Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-38402",
        "datePublished": "2023-08-15T18:47:59.783Z",
        "dateReserved": "2023-07-17T15:44:25.991Z",
        "dateUpdated": "2024-10-03T13:39:07.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38401 (GCVE-0-2023-38401)

    Vulnerability from nvd – Published: 2023-08-15 18:16 – Updated: 2024-11-22 14:08
    VLAI
    Title
    Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
    Summary
    A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Virtual Intranet Access (VIA) Affected: HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows , ≤ <=4.5.0 (semver)
    Create a notification for this product.
    hp aruba_virtual_intranet_access Affected: 0 , ≤ 4.5.0 (custom)
        cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Will Dormann (@wdormann)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:39:13.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aruba_virtual_intranet_access",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThanOrEqual": "4.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T20:10:51.994304Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T14:08:18.521Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "HPE Aruba Networking Virtual Intranet Access (VIA)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=4.5.0",
                  "status": "affected",
                  "version": "HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Will Dormann (@wdormann)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate\u0026nbsp;privileges. Successful exploitation could allow execution of\u0026nbsp;arbitrary code with NT AUTHORITY\\SYSTEM privileges on the\u0026nbsp;operating system."
                }
              ],
              "value": "A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate\u00a0privileges. Successful exploitation could allow execution of\u00a0arbitrary code with NT AUTHORITY\\SYSTEM privileges on the\u00a0operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-15T18:16:47.513Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-38401",
        "datePublished": "2023-08-15T18:16:47.513Z",
        "dateReserved": "2023-07-17T15:44:25.991Z",
        "dateUpdated": "2024-11-22T14:08:18.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23678 (GCVE-0-2022-23678)

    Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
    VLAI
    Summary
    A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability.
    Severity
    No CVSS data available.
    CWE
    • remote disclosure of sensitive information
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    n/a Aruba Virtual Intranet Access (VIA) Affected: Windows Client Only - All versions lower than VIA 4.3.0 build 2208101
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba Virtual Intranet Access (VIA)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote disclosure of sensitive information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-06T17:18:52.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2022-23678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba Virtual Intranet Access (VIA)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote disclosure of sensitive information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt",
                  "refsource": "MISC",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2022-23678",
        "datePublished": "2022-09-06T17:18:52.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38402 (GCVE-0-2023-38402)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:47 – Updated: 2024-10-03 13:39
    VLAI
    Title
    Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
    Summary
    A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Virtual Intranet Access (VIA) Affected: HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows , ≤ <=4.5.0 (semver)
    Create a notification for this product.
    Credits
    Gee-netics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:39:13.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38402",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T13:38:22.931372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T13:39:07.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "HPE Aruba Networking Virtual Intranet Access (VIA)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=4.5.0",
                  "status": "affected",
                  "version": "HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gee-netics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the HPE Aruba Networking Virtual Intranet\u0026nbsp;Access (VIA) client could allow malicious users to overwrite\u0026nbsp;arbitrary files as NT AUTHORITY\\SYSTEM. A successful\u0026nbsp;exploit could allow these malicious users to create a\u0026nbsp;Denial-of-Service (DoS) condition affecting the Microsoft\u0026nbsp;Windows operating System boot process."
                }
              ],
              "value": "A vulnerability in the HPE Aruba Networking Virtual Intranet\u00a0Access (VIA) client could allow malicious users to overwrite\u00a0arbitrary files as NT AUTHORITY\\SYSTEM. A successful\u00a0exploit could allow these malicious users to create a\u00a0Denial-of-Service (DoS) condition affecting the Microsoft\u00a0Windows operating System boot process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-15T18:47:59.783Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-38402",
        "datePublished": "2023-08-15T18:47:59.783Z",
        "dateReserved": "2023-07-17T15:44:25.991Z",
        "dateUpdated": "2024-10-03T13:39:07.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38401 (GCVE-0-2023-38401)

    Vulnerability from cvelistv5 – Published: 2023-08-15 18:16 – Updated: 2024-11-22 14:08
    VLAI
    Title
    Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
    Summary
    A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Virtual Intranet Access (VIA) Affected: HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows , ≤ <=4.5.0 (semver)
    Create a notification for this product.
    hp aruba_virtual_intranet_access Affected: 0 , ≤ 4.5.0 (custom)
        cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Will Dormann (@wdormann)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:39:13.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aruba_virtual_intranet_access",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThanOrEqual": "4.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T20:10:51.994304Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T14:08:18.521Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "HPE Aruba Networking Virtual Intranet Access (VIA)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=4.5.0",
                  "status": "affected",
                  "version": "HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Will Dormann (@wdormann)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate\u0026nbsp;privileges. Successful exploitation could allow execution of\u0026nbsp;arbitrary code with NT AUTHORITY\\SYSTEM privileges on the\u0026nbsp;operating system."
                }
              ],
              "value": "A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate\u00a0privileges. Successful exploitation could allow execution of\u00a0arbitrary code with NT AUTHORITY\\SYSTEM privileges on the\u00a0operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-15T18:16:47.513Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-38401",
        "datePublished": "2023-08-15T18:16:47.513Z",
        "dateReserved": "2023-07-17T15:44:25.991Z",
        "dateUpdated": "2024-11-22T14:08:18.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23678 (GCVE-0-2022-23678)

    Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
    VLAI
    Summary
    A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability.
    Severity
    No CVSS data available.
    CWE
    • remote disclosure of sensitive information
    Assigner
    hpe
    References
    Impacted products
    Vendor Product Version
    n/a Aruba Virtual Intranet Access (VIA) Affected: Windows Client Only - All versions lower than VIA 4.3.0 build 2208101
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aruba Virtual Intranet Access (VIA)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote disclosure of sensitive information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-06T17:18:52.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "ID": "CVE-2022-23678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aruba Virtual Intranet Access (VIA)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote disclosure of sensitive information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt",
                  "refsource": "MISC",
                  "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2022-23678",
        "datePublished": "2022-09-06T17:18:52.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }