Description
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: None
- Availability: None
Affected products
- Hewlett Packard Enterprise (HPE) / ArubaOS Wi-Fi Controllers and Campus/Remote Access Points – ArubaOS 10.5.x.x: 10.5.0.1 and below
- Hewlett Packard Enterprise (HPE) / ArubaOS Wi-Fi Controllers and Campus/Remote Access Points – ArubaOS 10.4.x.x: 10.4.0.3 and below
- Hewlett Packard Enterprise (HPE) / ArubaOS Wi-Fi Controllers and Campus/Remote Access Points – ArubaOS 8.11.x.x: 8.11.2.0 and below
- Hewlett Packard Enterprise (HPE) / ArubaOS Wi-Fi Controllers and Campus/Remote Access Points – ArubaOS 8.10.x.x: 8.10.0.9 and below