CVE-2023-4896
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.3 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.3%
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| arubanetworks:airwave | arubanetworks airwave | le | 8.2.15.2 |
| arubanetworks:airwave | arubanetworks airwave | lt | 8.3.0.2 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Aruba AirWave Management Platform",
"vendor": "HewarHewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "8.3.0.1 and below "
},
{
"status": "affected",
"version": "8.2.15.2 and below"
}
]
}
]Related
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.3 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.3%