Search criteria
6 vulnerabilities found for aruba_virtual_intranet_access by hp
CVE-2023-38402 (GCVE-0-2023-38402)
Vulnerability from nvd – Published: 2023-08-15 18:47 – Updated: 2024-10-03 13:39
VLAI?
Title
Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
Summary
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.
Severity ?
7.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Virtual Intranet Access (VIA) |
Affected:
HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows , ≤ <=4.5.0
(semver)
|
Credits
Gee-netics
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:38:22.931372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T13:39:07.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "HPE Aruba Networking Virtual Intranet Access (VIA)",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=4.5.0",
"status": "affected",
"version": "HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gee-netics"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the HPE Aruba Networking Virtual Intranet\u0026nbsp;Access (VIA) client could allow malicious users to overwrite\u0026nbsp;arbitrary files as NT AUTHORITY\\SYSTEM. A successful\u0026nbsp;exploit could allow these malicious users to create a\u0026nbsp;Denial-of-Service (DoS) condition affecting the Microsoft\u0026nbsp;Windows operating System boot process."
}
],
"value": "A vulnerability in the HPE Aruba Networking Virtual Intranet\u00a0Access (VIA) client could allow malicious users to overwrite\u00a0arbitrary files as NT AUTHORITY\\SYSTEM. A successful\u00a0exploit could allow these malicious users to create a\u00a0Denial-of-Service (DoS) condition affecting the Microsoft\u00a0Windows operating System boot process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T18:47:59.783Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-38402",
"datePublished": "2023-08-15T18:47:59.783Z",
"dateReserved": "2023-07-17T15:44:25.991Z",
"dateUpdated": "2024-10-03T13:39:07.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38401 (GCVE-0-2023-38401)
Vulnerability from nvd – Published: 2023-08-15 18:16 – Updated: 2024-11-22 14:08
VLAI?
Title
Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
Summary
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
Severity ?
7.8 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Virtual Intranet Access (VIA) |
Affected:
HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows , ≤ <=4.5.0
(semver)
|
Credits
Will Dormann (@wdormann)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_virtual_intranet_access",
"vendor": "hp",
"versions": [
{
"lessThanOrEqual": "4.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:10:51.994304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T14:08:18.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "HPE Aruba Networking Virtual Intranet Access (VIA)",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=4.5.0",
"status": "affected",
"version": "HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Will Dormann (@wdormann)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate\u0026nbsp;privileges. Successful exploitation could allow execution of\u0026nbsp;arbitrary code with NT AUTHORITY\\SYSTEM privileges on the\u0026nbsp;operating system."
}
],
"value": "A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate\u00a0privileges. Successful exploitation could allow execution of\u00a0arbitrary code with NT AUTHORITY\\SYSTEM privileges on the\u00a0operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T18:16:47.513Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-38401",
"datePublished": "2023-08-15T18:16:47.513Z",
"dateReserved": "2023-07-17T15:44:25.991Z",
"dateUpdated": "2024-11-22T14:08:18.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23678 (GCVE-0-2022-23678)
Vulnerability from nvd – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Virtual Intranet Access (VIA) |
Affected:
Windows Client Only - All versions lower than VIA 4.3.0 build 2208101
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Virtual Intranet Access (VIA)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:52",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Virtual Intranet Access (VIA)",
"version": {
"version_data": [
{
"version_value": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23678",
"datePublished": "2022-09-06T17:18:52",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38402 (GCVE-0-2023-38402)
Vulnerability from cvelistv5 – Published: 2023-08-15 18:47 – Updated: 2024-10-03 13:39
VLAI?
Title
Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
Summary
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.
Severity ?
7.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Virtual Intranet Access (VIA) |
Affected:
HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows , ≤ <=4.5.0
(semver)
|
Credits
Gee-netics
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:38:22.931372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T13:39:07.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "HPE Aruba Networking Virtual Intranet Access (VIA)",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=4.5.0",
"status": "affected",
"version": "HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gee-netics"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the HPE Aruba Networking Virtual Intranet\u0026nbsp;Access (VIA) client could allow malicious users to overwrite\u0026nbsp;arbitrary files as NT AUTHORITY\\SYSTEM. A successful\u0026nbsp;exploit could allow these malicious users to create a\u0026nbsp;Denial-of-Service (DoS) condition affecting the Microsoft\u0026nbsp;Windows operating System boot process."
}
],
"value": "A vulnerability in the HPE Aruba Networking Virtual Intranet\u00a0Access (VIA) client could allow malicious users to overwrite\u00a0arbitrary files as NT AUTHORITY\\SYSTEM. A successful\u00a0exploit could allow these malicious users to create a\u00a0Denial-of-Service (DoS) condition affecting the Microsoft\u00a0Windows operating System boot process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T18:47:59.783Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-38402",
"datePublished": "2023-08-15T18:47:59.783Z",
"dateReserved": "2023-07-17T15:44:25.991Z",
"dateUpdated": "2024-10-03T13:39:07.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38401 (GCVE-0-2023-38401)
Vulnerability from cvelistv5 – Published: 2023-08-15 18:16 – Updated: 2024-11-22 14:08
VLAI?
Title
Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
Summary
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
Severity ?
7.8 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Virtual Intranet Access (VIA) |
Affected:
HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows , ≤ <=4.5.0
(semver)
|
Credits
Will Dormann (@wdormann)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_virtual_intranet_access",
"vendor": "hp",
"versions": [
{
"lessThanOrEqual": "4.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:10:51.994304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T14:08:18.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "HPE Aruba Networking Virtual Intranet Access (VIA)",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=4.5.0",
"status": "affected",
"version": "HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Will Dormann (@wdormann)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate\u0026nbsp;privileges. Successful exploitation could allow execution of\u0026nbsp;arbitrary code with NT AUTHORITY\\SYSTEM privileges on the\u0026nbsp;operating system."
}
],
"value": "A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate\u00a0privileges. Successful exploitation could allow execution of\u00a0arbitrary code with NT AUTHORITY\\SYSTEM privileges on the\u00a0operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T18:16:47.513Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-38401",
"datePublished": "2023-08-15T18:16:47.513Z",
"dateReserved": "2023-07-17T15:44:25.991Z",
"dateUpdated": "2024-11-22T14:08:18.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23678 (GCVE-0-2022-23678)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:51
VLAI?
Summary
A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba Virtual Intranet Access (VIA) |
Affected:
Windows Client Only - All versions lower than VIA 4.3.0 build 2208101
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Virtual Intranet Access (VIA)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:52",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Virtual Intranet Access (VIA)",
"version": {
"version_data": [
{
"version_value": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23678",
"datePublished": "2022-09-06T17:18:52",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}