FKIE_CVE-2026-23810
Vulnerability from fkie_nvd - Published: 2026-03-04 17:16 - Updated: 2026-03-09 19:20
Severity
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (source: security-alert@hpe.com, Secondary)
3.1 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (source: nvd@nist.gov, Primary)
3.1 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.
Note: the description refers to an authenticated attacker, while both CVSS vectors listed on this page use PR:N (no privileges required). The two scores differ only in attack complexity (AC:L from the vendor, AC:H from NVD).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
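| arubanetworks | arubaos | 6.5.4.0 to 8.10.0.21 (inclusive) | |
| arubanetworks | arubaos | 8.11.0.0 to 8.12.0.6 (inclusive) | |
| arubanetworks | arubaos | 8.13.0.0 to 8.13.1.1 (inclusive) | |
| arubanetworks | arubaos | 10.3.0.0 to 10.4.1.10 (inclusive) | |
| arubanetworks | arubaos | 10.5.0.0 to 10.7.2.2 (inclusive) | |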
| arubanetworks | arubaos | 10.8.0.0 | |
| arubanetworks | 7010 | - | |
| arubanetworks | 7030 | - | |
| arubanetworks | 7205 | - | |
| arubanetworks | 7210 | - | |
| arubanetworks | 7220 | - | |
| arubanetworks | 7240xm | - | |
| arubanetworks | 7280 | - | |
| arubanetworks | 9004 | - | |
| arubanetworks | 9004-lte | - | |
| arubanetworks | 9012 | - | |
| arubanetworks | 9106 | - | |
| arubanetworks | 9114 | - | |
| arubanetworks | 9240 | - | |
| arubanetworks | ap-634 | - | |
| arubanetworks | ap-635 | - | |
| arubanetworks | ap-654 | - | |
| arubanetworks | ap-655 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8A04E5-890D-4CBC-B504-2F50294C49A1",
"versionEndIncluding": "8.10.0.21",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33943569-C024-4615-BA2C-874DD71EC077",
"versionEndIncluding": "8.12.0.6",
"versionStartIncluding": "8.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F95C3EA-87DF-448B-B63D-E469A38650AE",
"versionEndIncluding": "8.13.1.1",
"versionStartIncluding": "8.13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0ECE682E-B356-4960-AC0F-4C066B8CB7EE",
"versionEndIncluding": "10.4.1.10",
"versionStartIncluding": "10.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7CE262-1F72-4AE3-BE71-9E09EBF64B02",
"versionEndIncluding": "10.7.2.2",
"versionStartIncluding": "10.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "291A71D4-415C-4478-9BC1-1873ED23B6E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59612211-5054-44DC-B028-61A2C5C6133D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E68DB6-149B-4469-BD27-69F1AC59166F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9AA178-1327-402E-8740-8409ECA448BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9969F899-4D7A-4DD5-B81D-DB16B20CF86A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF33BAD0-0596-4910-B096-99E2033F73D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDFDA5E-3895-463A-86EA-1823EC1B5045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBA9A71-BE10-471A-A8BE-5CCB8CE8393F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA13FF5-7C60-48B4-AF46-18A9F19D5D42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1EB3D9-77B5-4DBE-9518-23DD0DA06BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17162DB3-973E-47C6-9157-39A0E94603F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9106:-:*:*:*:*:*:*:*",
"matchCriteriaId": "086E2884-82B9-4909-973A-2AF9796EE6A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9114:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6758409-B957-486D-96C0-BCDD91BE4E8A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:9240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BF9E0D-630F-40B4-9109-560CA13C981B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69298E74-9FC7-4E96-9581-2B7F5CDD8956",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0219C4A-855C-4CCC-9C56-499697A91B94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-654:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4B96D6-2695-43E4-9956-872E0661B9ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18C831D-4D5C-4A50-8101-2CFB3D1B5210",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim\u0027s BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la l\u00f3gica de procesamiento de paquetes podr\u00eda permitir a un atacante autenticado crear y transmitir una trama Wi-Fi maliciosa que haga que un Punto de Acceso (AP) clasifique la trama como tr\u00e1fico dirigido a grupo y la vuelva a cifrar utilizando la Clave Temporal de Grupo (GTK) asociada con el BSSID de la v\u00edctima. La explotaci\u00f3n exitosa podr\u00eda permitir la inyecci\u00f3n de tr\u00e1fico independiente de GTK y, cuando se combina con una t\u00e9cnica de robo de puerto, permite a un atacante redirigir el tr\u00e1fico interceptado para facilitar ataques de m\u00e1quina en el medio (MitM) a trav\u00e9s de los l\u00edmites de BSSID."
}
],
"id": "CVE-2026-23810",
"lastModified": "2026-03-09T19:20:48.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-03-04T17:16:19.060",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-300"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.