Aruba AOS-10: CVE-2022-47522: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues

Severity: 8
CVSS: (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published: Mar 30, 2023
Added: Jan 14, 2025
Modified: Apr 2, 2026

Description

The paper specifically mentions certain Aruba WLAN products
running ArubaOS version 8.4.0.0 as affected.

After further investigation, Aruba separates the vulnerabilities
described in the paper into the following 3 scenarios:

1) Exploiting Power Save Features:
No Aruba Products are vulnerable to this scenario.

2) Security Context Override (SCO):
All versions of the Aruba products listed under the Affected
Products section are vulnerable to this attack. An attacker needs
to be authenticated to the Wi-Fi network using valid credentials
before being able to carry out the attack. This would imply that
the vulnerability requires an insider threat to be exploited.
Data encryption such as TLS prevents the disclosure of sensitive
information and prevents an attacker from stealing the victim's session.

3) Fast Reconnect Attack:
The following Aruba products and versions are affected:
- ArubaOS Wi-Fi Controllers and Campus/Remote Access Points
  - 8.9.0.3 and below
  - 8.6.0.20 and below

- Aruba InstantOS / Aruba Access Points running ArubaOS 10
  - 10.3.1.0 and below
  - 8.9.0.3 and below
  - 8.8.0.3 and below
  - 8.7.1.11 and below
  - 8.6.0.18 and below
  - 6.5.4.23 and below
  - 6.4.4.8-4.2.4.20 and below

- Aruba Instant On Access Points
  - 2.8 and below

The published paper can be found at
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf

Solution

aruba-aos-10-cve-2022-47522