CVE-2022-37894

MEDIUM

ArubaOS 10.3.0.0-10.3.1.0 & Aruba Instant 6.4.0.0-6.4.4.8-4.2.4.20 - DoS via SSID String Handling

Title source: llm

Description

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

References (2)

Core 2

Core References

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt

Scores

CVSS v3 6.5

EPSS 0.0013

EPSS Percentile 31.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (3)

arubanetworks/arubaos 10.3.0.0 - 10.3.1.1

arubanetworks/instant 6.4.0.0 - 6.4.4.8-4.2.4.21

siemens/scalance_w1750d_firmware

Published Oct 07, 2022

Tracked Since Feb 18, 2026