CVE-2023-38401 HIGH

CVE-2023-38401: Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client

Vendor Hewlett Packard Enterprise (Hpe)
Product HPE Aruba Networking Virtual Intranet Access (VIA)
Published August 15, 2023
Last update November 22, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.

Key dates

02Disclosure timeline

August 15, 2023 CVE published
November 22, 2024 Record updated