{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-22787","assignerOrgId":"eb103674-0d28-4225-80f8-39fb86215de0","state":"PUBLISHED","assignerShortName":"hpe","dateReserved":"2023-01-06T15:24:20.510Z","datePublished":"2023-05-08T14:07:00.289Z","dateUpdated":"2025-01-31T18:05:29.573Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Aruba Access Points running InstantOS and ArubaOS 10","vendor":"Hewlett Packard Enterprise (HPE)","versions":[{"status":"affected","version":"Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"},{"status":"affected","version":"Aruba InstantOS 6.5.x:  6.5.4.23 and below"},{"status":"affected","version":"Aruba InstantOS 8.6.x:  8.6.0.19 and below"},{"status":"affected","version":"Aruba InstantOS 8.10.x: 8.10.0.4 and below"},{"status":"affected","version":"ArubaOS 10.3.x:         10.3.1.0 and below"},{"status":"affected","version":"See reference document for further details"}]}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Daniel Jensen (@dozernz)"}],"datePublic":"2023-05-09T20:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point."}],"value":"An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en"}]}],"providerMetadata":{"orgId":"eb103674-0d28-4225-80f8-39fb86215de0","shortName":"hpe","dateUpdated":"2023-05-08T14:07:18.315Z"},"references":[{"url":"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt"}],"source":{"discovery":"UNKNOWN"},"title":"Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:20:30.280Z"},"title":"CVE Program Container","references":[{"url":"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-31T18:05:05.306424Z","id":"CVE-2023-22787","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-31T18:05:29.573Z"}}]}}