CVE-2023-22787 HIGH

CVE-2023-22787: Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol

Vendor Hewlett Packard Enterprise (Hpe)
Product Aruba Access Points running InstantOS and ArubaOS 10
Published May 8, 2023
Last update January 31, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.

Key dates

02Disclosure timeline

May 8, 2023 CVE published
January 31, 2025 Record updated