Lucene search

[email protected]CVE-2007-0932

HistoryFeb 14, 2007 - 11:28 a.m.

CVE-2007-0932

2007-02-1411:28:00

CWE-264

[email protected]

web.nvd.nist.gov

aruba

alcatel-lucent

wireless

authentication

vulnerability

cve-2007-0932

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.3%

JSON

The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.

CPENameOperatorVersion
aruba:mobility_controlleraruba mobility controllereq6000
alcatel-lucent:omniaccess_wirelessalcatel-lucent omniaccess wirelesseq43xx
alcatel-lucent:omniaccess_wirelessalcatel-lucent omniaccess wirelesseq6000
aruba:mobility_controlleraruba mobility controllereq800
aruba:mobility_controlleraruba mobility controllereq200
aruba:mobility_controlleraruba mobility controllereq2400

CPE	Name	Operator	Version
aruba:mobility_controller	aruba mobility controller	eq	6000
alcatel-lucent:omniaccess_wireless	alcatel-lucent omniaccess wireless	eq	43xx
alcatel-lucent:omniaccess_wireless	alcatel-lucent omniaccess wireless	eq	6000
aruba:mobility_controller	aruba mobility controller	eq	800
aruba:mobility_controller	aruba mobility controller	eq	200
aruba:mobility_controller	aruba mobility controller	eq	2400

References

lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html

osvdb.org/33185

secunia.com/advisories/24144

securityreason.com/securityalert/2243

www.kb.cert.org/vuls/id/613833

www.securityfocus.com/archive/1/459927/100/0/threaded

www.securityfocus.com/bid/22538

exchange.xforce.ibmcloud.com/vulnerabilities/32461

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.3%

JSON

Related for CVE-2007-0932

prion1 securityvulns1 packetstorm1