Vulnerabilities > CVE-2022-23678 - Unspecified vulnerability in HP Aruba Virtual Intranet Access

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

NVD

Published: 2022-09-06

Updated: 2022-09-13

Summary

A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Aruba Virtual Intranet Access 3.0.0 HP Aruba Virtual Intranet Access 3.1.0 HP Aruba Virtual Intranet Access 3.2.0 HP Aruba Virtual Intranet Access 3.2.1 HP Aruba Virtual Intranet Access 3.2.2 HP Aruba Virtual Intranet Access 3.2.3 HP Aruba Virtual Intranet Access 3.2.4 HP Aruba Virtual Intranet Access 3.3.0 HP Aruba Virtual Intranet Access 3.3.1 HP Aruba Virtual Intranet Access 3.3.2 HP Aruba Virtual Intranet Access 3.4.0 HP Aruba Virtual Intranet Access 3.4.1 HP Aruba Virtual Intranet Access 3.4.2 HP Aruba Virtual Intranet Access 4.0.0 HP Aruba Virtual Intranet Access 4.0.1 HP Aruba Virtual Intranet Access 4.0.2 HP Aruba Virtual Intranet Access 4.0.3 HP Aruba Virtual Intranet Access 4.1.0 HP Aruba Virtual Intranet Access 4.1.1 HP Aruba Virtual Intranet Access 4.1.2 HP Aruba Virtual Intranet Access 4.1.3 HP Aruba Virtual Intranet Access 4.2.0	22
OS	Microsoft Microsoft Windows -	1

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt