Vulnerability CVE-2007-0932


Published: 2007-02-14   Modified: 2012-02-12

Description:
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.

See advisories in our WLB2 database:
Risk: High
Topic: Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account
Author: Jan Mnther and M...
Date: 17.02.2007

Type: CWE-264 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Aruba -> Mobility Controller
Alcatel-Lucent -> OmniAccess Wireless

 References:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html
http://securityreason.com/securityalert/2243
http://www.kb.cert.org/vuls/id/613833
http://www.securityfocus.com/archive/1/459927/100/0/threaded
http://www.securityfocus.com/bid/22538
https://exchange.xforce.ibmcloud.com/vulnerabilities/32461

Copyright 2024, cxsecurity.com

 
