CVE-2023-4896
Authenticated Disclosure of Sensitive Information in AirWave Management Platform
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
Existe una vulnerabilidad que permite a un atacante autenticado acceder a información confidencial en la interfaz de administración basada en web de AirWave Management Platform. La explotación exitosa permite al atacante obtener acceso a algunos datos que podrían explotarse aún más para acceder lateralmente a los dispositivos administrados y monitorizados por el servidor AirWave.
*Credits:
1njected (bugcrowd.com/1njected)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-11 CVE Reserved
- 2023-10-17 CVE Published
- 2024-09-13 CVE Updated
- 2024-10-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt | 2023-10-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Arubanetworks Search vendor "Arubanetworks" | Airwave Search vendor "Arubanetworks" for product "Airwave" | <= 8.2.15.2 Search vendor "Arubanetworks" for product "Airwave" and version " <= 8.2.15.2" | - |
Affected
| ||||||
| Arubanetworks Search vendor "Arubanetworks" | Airwave Search vendor "Arubanetworks" for product "Airwave" | >= 8.3.0 < 8.3.0.2 Search vendor "Arubanetworks" for product "Airwave" and version " >= 8.3.0 < 8.3.0.2" | - |
Affected
| ||||||