CVE-2024-25616

Published: Mar 5, 2024Modified: Jul 28, 2025

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.

Affected (4)

Products: Arubanetworks: Arubaos

Arubanetworks

1 product

Arubaos

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	From 10.4.0.0 to 10.4.1.0
Arubanetworks Arubaos	From 10.5.0.0 to 10.5.1.0
Arubanetworks Arubaos	From 8.10.0.0 to 8.10.0.10
Arubanetworks Arubaos	From 8.11.0.0 to 8.11.2.1

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt

Source: security-alert@hpe.com

Broken Link

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.