Network Interception Vulnerability in Aruba Virtual Intranet Access Client for Windows
CVE-2022-23678

5.9MEDIUM

Key Information:

Vendor

HP
Status
Aruba Virtual Intranet Access (via)
Vendor
CVE Published:
6 September 2022

What is CVE-2022-23678?

A security flaw in the Aruba Virtual Intranet Access (VIA) client for Windows allows an attacker located on a privileged network to intercept sensitive data. This vulnerability is present in Aruba VIA client versions 4.3.0 build 2208101 and earlier. Aruba has issued updates to fix this issue, ensuring secure client communications. Users are encouraged to upgrade to the latest version to protect against potential data breaches.

Affected Version(s)

Aruba Virtual Intranet Access (VIA) Windows Client Only - All versions lower than VIA 4.3.0 build 2208101

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022...
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.