RSS   Vulnerabilities for 'Aruba mobility controller'   RSS

2009-11-02
 
CVE-2009-3836

CWE-noinfo
 

 
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.

 
2009-08-27
 
CVE-2008-7095

CWE-264
 

 
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.

 
2009-08-21
 
CVE-2008-7023

CWE-310
 

 
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

 
2008-12-15
 
CVE-2008-5563

CWE-399
 

 
Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame.

 

 >>> Vendor: Arubanetworks 8 Products
Arubaos
Aruba mobility controller
Clearpass
Clearpass guest
Clearpass policy manager
Airwave
Instant access point firmware
Web management portal


Copyright 2018, cxsecurity.com

 

Back to Top