CVE-2023-38402 HIGH

CVE-2023-38402: Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client

Vendor Hewlett Packard Enterprise (Hpe)
Product HPE Aruba Networking Virtual Intranet Access (VIA)
Published August 15, 2023
Last update October 3, 2024

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.

Key dates

02Disclosure timeline

August 15, 2023 CVE published
October 3, 2024 Record updated