vulnerability
Aruba ECOS: CVE-2022-0778: Faulty OpenSSL Handling of Certificates Containing Elliptic Curve Public Keys Leading to Denial of Service
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 2022-05-04 | 2025-03-17 | 2025-04-03 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
2022-05-04
Added
2025-03-17
Modified
2025-04-03
Description
A vulnerability has been identified in a commonly used
component in multiple Aruba products. This vulnerability allows
attackers to use specially crafted certificates resulting in
denial of service.
Details can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
Aruba Threat Labs analyzed and tested this vulnerability in the
products using the affected component. What has been found is
that exploitation of this vulnerability is not straightforward
and dependent upon many factors that an attacker may not be
able to control.
Aruba has chosen to keep the NVD provided severity score as a
reference. The impact on products using the affected
component is very low based on ongoing testing.
component in multiple Aruba products. This vulnerability allows
attackers to use specially crafted certificates resulting in
denial of service.
Details can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
Aruba Threat Labs analyzed and tested this vulnerability in the
products using the affected component. What has been found is
that exploitation of this vulnerability is not straightforward
and dependent upon many factors that an attacker may not be
able to control.
Aruba has chosen to keep the NVD provided severity score as a
reference. The impact on products using the affected
component is very low based on ongoing testing.
Solution
aruba-ecos-cve-2022-0778
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.