CVE-2022-37895

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

Published: Oct 7, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-37895
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arubanetworks / instant	8.10.0.0	8.10.0.2
arubanetworks / instant	8.7.0.0	8.7.1.10
arubanetworks / instant	8.6.0.0	8.6.0.19
arubanetworks / instant	6.5.0.0	6.5.4.24
arubanetworks / instant	6.4.0.0	6.4.4.8-4.2.4.21
arubanetworks / arubaos	10.3.0.0	10.3.1.1
siemens / scalance_w1750d_firmware	-	-

Vulnerability Database

289,599

CVE-2022-37895