CVE-2022-37909

MEDIUM

Aruba SD-WAN 8.7.0.0-2.3.0.5 & ArubaOS 6.5.4.0-6.5.4.21 - Sensitive Information Exposure via ESSID

Title source: llm

Description

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.

References (1)

Core 1

Core References

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 26.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (2)

arubanetworks/arubaos 6.5.4.0 - 6.5.4.22

arubanetworks/sd-wan 8.7.0.0-2.3.0.0 - 8.7.0.0-2.3.0.6

Published Dec 12, 2022

Tracked Since Feb 18, 2026