CVE-2022-23678 - OpenCVE

A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Aruba Virtual Intranet Access
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2022-09-06T17:18:52

Updated: 2024-08-03T03:51:45.413Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23678

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-06T18:15:10.713

Modified: 2022-09-13T15:02:35.827

Link: CVE-2022-23678

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Aruba Virtual Intranet Access (VIA)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."}], "problemTypes": [{"descriptions": [{"description": "remote disclosure of sensitive information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T17:18:52", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2022-23678", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Aruba Virtual Intranet Access (VIA)", "version": {"version_data": [{"version_value": "Windows Client Only - All versions lower than VIA 4.3.0 build 2208101"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote disclosure of sensitive information"}]}]}, "references": {"reference_data": [{"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt", "refsource": "MISC", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:45.413Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2022-23678", "datePublished": "2022-09-06T17:18:52", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.413Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:aruba_virtual_intranet_access:*:*:*:*:*:*:*:*", "matchCriteriaId": "13DA52C8-7CC4-4AEC-ADF6-57A35E0F2943", "versionEndExcluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en las comunicaciones del cliente Aruba Virtual Intranet Access (VIA) para el sistema operativo Microsoft Windows que podr\u00eda permitir a un atacante en una posici\u00f3n de red privilegiada interceptar informaci\u00f3n confidencial en las versiones del cliente Aruba Virtual Intranet Access (VIA) para el sistema operativo Microsoft Windows: versiones 4.3.0 build 2208101 y posteriores. Aruba ha publicado actualizaciones para el cliente Virtual Intranet Access (VIA) que abordan esta vulnerabilidad de seguridad."}], "id": "CVE-2022-23678", "lastModified": "2022-09-13T15:02:35.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-06T18:15:10.713", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}