Unrated severityNVD Advisory· Published May 8, 2023· Updated Jan 31, 2025

Aruba InstantOS and ArubaOS 10 Sensitive Information Disclosure

CVE-2023-22791

Description

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

Affected products

Arubanetworks/Aruba InstantOSllm-fuzzy
Arubanetworks/ArubaOS-CXllm-fuzzy
Hewlett Packard Enterprise (HPE)/Aruba Access Points running InstantOS and ArubaOS 10v5
Range: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txtmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000