ArubaOS IKE_AUTH config leads to partial info disclosure
CVE-2024-25616 Published on March 5, 2024
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
Vulnerability Analysis
CVE-2024-25616 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Products Associated with CVE-2024-25616
Want to know whenever a new CVE is published for Aruba Networks Arubaos? stack.watch will email you.
Affected Versions
Hewlett Packard Enterprise (HPE) ArubaOS Wi-Fi Controllers and Campus/Remote Access Points:- Version ArubaOS 10.5.x.x: 10.5.0.1 and below is affected.
- Version ArubaOS 10.4.x.x: 10.4.0.3 and below is affected.
- Version ArubaOS 8.11.x.x: 8.11.2.0 and below is affected.
- Version ArubaOS 8.10.x.x: 8.10.0.9 and below is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.