Main Vulnerability Database Vulnerabilities #VU74346

#VU74346 Missing Encryption of Sensitive Data in ArubaOS (AOS) and Aruba Instant - CVE-2022-47522

Published: April 4, 2023 / Updated: February 10, 2025

Vulnerability identifier: #VU74346

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2022-47522

CWE-ID: CWE-311

Exploitation vector: Adjecent network

Exploit availability: Public exploit is available

Vulnerable software:
ArubaOS (AOS)
Aruba Instant

Software vendor:
Aruba Networks

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the way Wi-Fi devices manage transmit queues. A remote attacker can force the device to send traffic unencrypted by manipulating the transmit queues.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-005.txt
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf

#VU74346 Missing Encryption of Sensitive Data in ArubaOS (AOS) and Aruba Instant - CVE-2022-47522

Description

Remediation

External links

Please verify you're human