Description
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.
Scores
CVSS v3
5.4
EPSS
0.0001
EPSS Percentile
0.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-327
Status
published
Products (8)
arubanetworks/arubaos
10.8.0.0
arubanetworks/arubaos
6.5.4.0 - 8.10.0.21
Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
10.4.0.0 - 10.4.1.10
Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
10.7.0.0 - 10.7.2.2
Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
10.8.0.0
Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
8.10.0.0 - 8.10.0.21
Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
8.12.0.0 - 8.12.0.6
Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
8.13.0.0 - 8.13.1.1
Published
Mar 04, 2026
Tracked Since
Mar 05, 2026