vulnerability
Aruba AOS-CX: CVE-2022-0778: Faulty OpenSSL Handling of Certificates Containing Elliptic Curve Public Keys Leading to Denial of Service
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 05/04/2022 | 02/24/2025 | 04/03/2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
05/04/2022
Added
02/24/2025
Modified
04/03/2025
Description
A vulnerability has been identified in a commonly used
component in multiple Aruba products. This vulnerability allows
attackers to use specially crafted certificates resulting in
denial of service.
Details can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
Aruba Threat Labs analyzed and tested this vulnerability in the
products using the affected component. What has been found is
that exploitation of this vulnerability is not straightforward
and dependent upon many factors that an attacker may not be
able to control.
Aruba has chosen to keep the NVD provided severity score as a
reference. The impact on products using the affected
component is very low based on ongoing testing.
component in multiple Aruba products. This vulnerability allows
attackers to use specially crafted certificates resulting in
denial of service.
Details can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
Aruba Threat Labs analyzed and tested this vulnerability in the
products using the affected component. What has been found is
that exploitation of this vulnerability is not straightforward
and dependent upon many factors that an attacker may not be
able to control.
Aruba has chosen to keep the NVD provided severity score as a
reference. The impact on products using the affected
component is very low based on ongoing testing.
Solution
aruba-aos-cx-cve-2022-0778
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.