Lucene search

[email protected]CVE-2007-0931

HistoryFeb 14, 2007 - 11:28 a.m.

CVE-2007-0931

2007-02-1411:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0931

heap-based buffer overflow

aruba mobility controllers

alcatel-lucent omniaccess wireless

management interfaces

denial of service

arbitrary code execution

remote attackers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.227 Low

EPSS

Percentile

96.6%

JSON

Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.

Affected configurations

NVD

Node

alcatel-lucentomniaccess_wirelessMatch43xx

alcatel-lucentomniaccess_wirelessMatch6000

arubamobility_controllerMatch200

arubamobility_controllerMatch800

arubamobility_controllerMatch2400

arubamobility_controllerMatch6000

CPENameOperatorVersion
alcatel-lucent:omniaccess_wirelessalcatel-lucent omniaccess wirelesseq43xx
alcatel-lucent:omniaccess_wirelessalcatel-lucent omniaccess wirelesseq6000
aruba:mobility_controlleraruba mobility controllereq200
aruba:mobility_controlleraruba mobility controllereq800
aruba:mobility_controlleraruba mobility controllereq2400
aruba:mobility_controlleraruba mobility controllereq6000

CPE	Name	Operator	Version
alcatel-lucent:omniaccess_wireless	alcatel-lucent omniaccess wireless	eq	43xx
alcatel-lucent:omniaccess_wireless	alcatel-lucent omniaccess wireless	eq	6000
aruba:mobility_controller	aruba mobility controller	eq	200
aruba:mobility_controller	aruba mobility controller	eq	800
aruba:mobility_controller	aruba mobility controller	eq	2400
aruba:mobility_controller	aruba mobility controller	eq	6000

References

lists.grok.org.uk/pipermail/full-disclosure/2007-February/052380.html

osvdb.org/33184

secunia.com/advisories/24144

securityreason.com/securityalert/2244

www.kb.cert.org/vuls/id/319913

www.securityfocus.com/archive/1/459928/100/0/threaded

www.securityfocus.com/bid/22538

exchange.xforce.ibmcloud.com/vulnerabilities/32459

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.227 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2007-0931

nvd1 cvelist1 prion1 securityvulns1