
Aruba AOS-10: CVE-2022-47522: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues

Severity: 7
CVSS: (AV:A/AC:H/Au:N/C:C/I:C/A:C)
Published: 2023-03-30
Added: 2025-01-14
Modified: 2025-04-03

Description

The paper specifically mentions certain Aruba WLAN products
running ArubaOS version 8.4.0.0 as affected.

After further investigation, Aruba separates the vulnerabilities
described in the paper into the following three scenarios:

1) Exploiting Power Save Features:
No Aruba Products are vulnerable to this scenario.

2) Security Context Override (SCO):
All versions of the Aruba products listed under the Affected
Products section are vulnerable to this attack. An attacker needs
to be authenticated to the Wi-Fi network using valid credentials
before being able to carry out the attack, which means the
vulnerability requires an insider threat to be exploited.
Encryption at higher layers, such as TLS, prevents the disclosure
of sensitive information and prevents an attacker from stealing
the victim's session.

3) Fast Reconnect Attack:
The following Aruba products and versions are affected:
- ArubaOS Wi-Fi Controllers and Campus/Remote Access Points
  - 8.9.0.3 and below
  - 8.6.0.20 and below
- Aruba InstantOS / Aruba Access Points running ArubaOS 10
  - 10.3.1.0 and below
  - 8.9.0.3 and below
  - 8.8.0.3 and below
  - 8.7.1.11 and below
  - 8.6.0.18 and below
  - 6.5.4.23 and below
  - 6.4.4.8-4.2.4.20 and below
- Aruba Instant On Access Points
  - 2.8 and below

The published paper can be found at
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf

Solution

aruba-aos-10-cve-2022-47522