Lucene search

[email protected]CVE-2024-25616

HistoryMar 05, 2024 - 9:15 p.m.

CVE-2024-25616

2024-03-0521:15:08

[email protected]

web.nvd.nist.gov

aruba

arubaos

cve-2024-25616

sensitive information

disclosure

ike_auth

nvd

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
      },
      {
        "status": "affected",
        "version": "ArubaOS 8.10.x.x:  8.10.0.9 and below"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-25616

prion1 cvelist1 nvd1 nessus1