CVE-2022-23678 - OpenCVE

A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Hp	Aruba Virtual Intranet Access

Configuration 1 [-]

AND

cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2022-09-06T17:18:52

Updated: 2022-09-06T17:18:52

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23678

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-06T18:15:10.713

Modified: 2022-09-13T15:02:35.827

Link: CVE-2022-23678

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Aruba Virtual Intranet Access (VIA)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."}], "problemTypes": [{"descriptions": [{"description": "remote disclosure of sensitive information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T17:18:52", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2022-23678", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Aruba Virtual Intranet Access (VIA)", "version": {"version_data": [{"version_value": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote disclosure of sensitive information"}]}]}, "references": {"reference_data": [{"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-23678", "datePublished": "2022-09-06T17:18:52", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2022-09-06T17:18:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*", "matchCriteriaId": "13DA52C8-7CC4-4AEC-ADF6-57A35E0F2943", "versionEndExcluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en las comunicaciones del cliente Aruba Virtual Intranet Access (VIA) para el sistema operativo Microsoft Windows que podr\u00eda permitir a un atacante en una posici\u00f3n de red privilegiada interceptar informaci\u00f3n confidencial en las versiones del cliente Aruba Virtual Intranet Access (VIA) para el sistema operativo Microsoft Windows: versiones 4.3.0 build 2208101 y posteriores. Aruba ha publicado actualizaciones para el cliente Virtual Intranet Access (VIA) que abordan esta vulnerabilidad de seguridad."}], "id": "CVE-2022-23678", "lastModified": "2022-09-13T15:02:35.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-06T18:15:10.713", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}