CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
71.2%
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product’s security documentation.
Vendor | Product | Version | CPE |
---|---|---|---|
arubanetworks | aruba_mobility_controller | - | cpe:2.3:h:arubanetworks:aruba_mobility_controller:-:*:*:*:*:*:*:* |
arubanetworks | arubaos | 3.3.1.16 | cpe:2.3:o:arubanetworks:arubaos:3.3.1.16:*:*:*:*:*:*:* |