CVE-2026-23808
8.1
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD
Description
A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.
Affected (6)
Products: Arubanetworks: Arubaos
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 10.3.0.0 to 10.4.1.10 |
| Running on/with | Platform Versions |
|---|---|
Arubanetworks 7010 | All versions |
Arubanetworks 7030 | All versions |
Arubanetworks 7205 | All versions |
Arubanetworks 7210 | All versions |
Arubanetworks 7220 | All versions |
Arubanetworks 7240xm | All versions |
Arubanetworks 7280 | All versions |
Arubanetworks 9004 | All versions |
Arubanetworks 9004 Lte | All versions |
Arubanetworks 9012 | All versions |
Arubanetworks 9106 | All versions |
Arubanetworks 9114 | All versions |
Arubanetworks 9240 | All versions |
Arubanetworks Ap 634 | All versions |
Arubanetworks Ap 635 | All versions |
Arubanetworks Ap 654 | All versions |
Arubanetworks Ap 655 | All versions |
References (1)
Source: security-alert@hpe.com
Vendor Advisory
Timeline
No history available yet.