Network Interception Vulnerability in Aruba Virtual Intranet Access Client for Windows
CVE-2022-23678

5.9MEDIUM

Key Information:

Vendor: HP
Status: Aruba Virtual Intranet Access (via)
Vendor: CVE Published:; 6 September 2022

What is CVE-2022-23678?

A security flaw in the Aruba Virtual Intranet Access (VIA) client for Windows allows an attacker located on a privileged network to intercept sensitive data. This vulnerability is present in Aruba VIA client versions 4.3.0 build 2208101 and earlier. Aruba has issued updates to fix this issue, ensuring secure client communications. Users are encouraged to upgrade to the latest version to protect against potential data breaches.

Affected Version(s)

Aruba Virtual Intranet Access (VIA) Windows Client Only - All versions lower than VIA 4.3.0 build 2208101

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Jan 19, 2022

HP

What is CVE-2022-23678?

Affected Version(s)

References

CVSS V3.1

Timeline