VULNERABILITY

Aruba AOS-CX: CVE-2022-0778: Faulty OpenSSL Handling of Certificates Containing Elliptic Curve Public Keys Leading to Denial of Service


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 05/04/2022
Created: 03/10/2025
Added: 02/24/2025
Modified: 02/24/2025

Description

A vulnerability has been identified in a commonly used component in multiple Aruba products. It allows attackers to use specially crafted certificates to cause a denial of service. Details can be found at: https://nvd.nist.gov/vuln/detail/CVE-2022-0778

Aruba Threat Labs analyzed and tested this vulnerability in the products using the affected component and found that exploitation is not straightforward and depends on many factors that an attacker may not be able to control. Aruba has chosen to keep the NVD-provided severity score as a reference. Based on ongoing testing, the impact on products using the affected component is very low.

Solution(s)

  • aruba-aos-cx-cve-2022-0778
