First published: Fri Oct 07 2022(Updated: )
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Arubaos | >=10.3.0.0<10.3.1.1 | |
Arubanetworks Instant | >=6.4.0.0<6.4.4.8-4.2.4.21 | |
Arubanetworks Instant | >=6.5.0.0<6.5.4.24 | |
Arubanetworks Instant | >=8.6.0.0<8.6.0.19 | |
Arubanetworks Instant | >=8.7.0.0<8.7.1.10 | |
Arubanetworks Instant | >=8.10.0.0<8.10.0.2 | |
Siemens Scalance W1750d Firmware | ||
Siemens SCALANCE W1750D |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-37896.
The severity level of CVE-2022-37896 is medium with a CVSS score of 6.1.
The affected software includes Aruba InstantOS and ArubaOS 10 versions 10.3.0.0 to 10.3.1.1, Aruba Instant versions 6.4.0.0 to 6.4.4.8-4.2.4.21, 6.5.0.0 to 6.5.4.24, 8.6.0.0 to 8.6.0.19, 8.7.0.0 to 8.7.1.10, and 8.10.0.0 to 8.10.0.2.
The impact of CVE-2022-37896 is that a remote attacker could conduct a reflected cross-site scripting (XSS) attack against a user of the web management interface, potentially executing arbitrary script code in the victim's browser.
Yes, Aruba Networks has released security updates to address the vulnerability. It is recommended to update to the latest available version of the affected software.