CVE-2022-37918: 
NixOS vulnerability analysis and mitigation

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.1 HIGH with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. This indicates that the vulnerability is network exploitable (AV:N), requires low attack complexity (AC:L), requires low privileges (PR:L), needs no user interaction (UI:N), has unchanged scope (S:U), and can impact both confidentiality and integrity (C:H, I:H) but does not affect availability (A:N) (NVD).

The vulnerability allows remote attackers with limited privileges to access sensitive information and modify network configurations with elevated privileges. This could potentially lead to unauthorized access to sensitive data and unauthorized changes to network settings (NVD).

Users should upgrade to a version higher than AirWave Management Platform 8.2.15.0. The vulnerability has been addressed in newer versions of the software (Aruba Advisory).