Aruba Mobility Controller SNMP Community String Disclosure

2008.11.05
Risk: High
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

Product: Aruba Mobility Controller
http://www.arubanetworks.com/products/mobility_controllers.php

Aruba Mobility Controllers can be monitored via SNMP. It is possible to learn all configured SNMP community strings as long as at least one of them is known to the attacker. This can be accomplished by walking the OID branch SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3).

While the vulnerability does not in any way expose the Aruba controller itself, the disclosure may lead to unauthorized access to other devices for which the attacker did not originally possess valid community strings.

Similarly, it is possible to enumerate SNMPv3 users by inspecting SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB, but the passwords are not disclosed. This means that only noAuthNoPriv users represent an immediate exposure.

The vulnerability has been identified in ArubaOS version 3.3.2.6, but previous versions are also likely affected.

Solution: Do not rely solely on SNMP community strings to separate access by different clients. Where this is impractical, use unique community strings for the Aruba infrastructure.

Found by: nnposter
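An added self-audit check for the exposure described above (example code written for this page, not part of the advisory or of Aruba's software). It parses the output of a walk of the snmpCommunityName branch and reports every community string the controller reveals besides the one used to query it; the sample walk output, host name and community strings are constructed placeholders, and the live path assumes net-snmp's snmpwalk is installed.

```python
import re
import subprocess

# OID of SNMP-COMMUNITY-MIB::snmpCommunityName, as cited in the advisory.
SNMP_COMMUNITY_NAME_OID = "1.3.6.1.6.3.18.1.1.1.2"

# Constructed sample of `snmpwalk -v2c -On -c <known> <host> <oid>` output
# (net-snmp numeric style). Both community strings are made up for this example.
SAMPLE_WALK = """\
.1.3.6.1.6.3.18.1.1.1.2.112.117.98.108.105.99.48 = STRING: "monitor-ro"
.1.3.6.1.6.3.18.1.1.1.2.112.117.98.108.105.99.49 = STRING: "corp-backbone-rw"
"""

# net-snmp prints OCTET STRING values as `STRING: "value"` (quotes may be absent
# with some output options, so they are optional here).
STRING_RE = re.compile(r'^(\S+) = STRING: "?(.*?)"?$')


def parse_community_names(walk_output: str) -> list[str]:
    """Return every community string present in a walk of snmpCommunityName."""
    names = []
    for line in walk_output.splitlines():
        m = STRING_RE.match(line.strip())
        if m and m.group(1).startswith("." + SNMP_COMMUNITY_NAME_OID + "."):
            names.append(m.group(2))
    return names


def disclosed_beyond(known: str, walk_output: str) -> list[str]:
    """Community strings revealed other than the one used for the query.

    Any non-empty result means a client holding `known` can read the others,
    which is the cross-device exposure the advisory describes.
    """
    return [name for name in parse_community_names(walk_output) if name != known]


def audit(host: str, known: str) -> list[str]:
    """Walk a live controller with net-snmp's snmpwalk (hypothetical host/community)."""
    proc = subprocess.run(
        ["snmpwalk", "-v2c", "-On", "-c", known, host, SNMP_COMMUNITY_NAME_OID],
        capture_output=True, text=True, check=True,
    )
    return disclosed_beyond(known, proc.stdout)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print(disclosed_beyond("monitor-ro", SAMPLE_WALK))  # ['corp-backbone-rw']
```

Because the walk only needs one valid read community, a finding here means that any community string shared with other devices must be treated as known to every client that holds the Aruba one, which is why the advisory recommends unique strings for the Aruba infrastructure.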

References:

http://www.securityfocus.com/bid/32102
http://www.securityfocus.com/archive/1/archive/1/498033/100/0/threaded
http://osvdb.org/51916


Copyright 2024, cxsecurity.com
