CVE-2023-38401

HIGH

HPE Aruba VIA - Privilege Escalation

Title source: llm

Description

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.

References (1)

Core 1

Core References

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 30.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (1)

hp/aruba_virtual_intranet_access < 4.5.0

Published Aug 15, 2023

Tracked Since Feb 18, 2026