First published: Thu Dec 08 2022(Updated: )
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Airwave | <=8.2.15.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-37916 refers to vulnerabilities in the AirWave Management Platform web-based management interface that expose certain URLs to a lack of proper access controls, potentially allowing a remote attacker with limited privileges to access sensitive information and alter network configurations.
CVE-2022-37916 has a severity rating of high with a value of 8.1.
The AirWave Management Platform version 8.2.15.0 is affected by CVE-2022-37916.
A remote attacker with limited privileges can exploit CVE-2022-37916 by exploiting the lack of proper access controls in the AirWave Management Platform web-based management interface to gain unauthorized access to sensitive information and potentially modify network configurations.
You can find more information about CVE-2022-37916 in the Aruba Networks security advisory available at https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt.