CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

55 matches found

CVE•added 2009/08/27 6:0 p.m.•54 views

CVE-2008-7095

The CVE-2008-7095 entry affects ArubaOS 3.3.2.6 on Aruba Mobility Controller, where the SNMP daemon does not restrict SNMP access. This allows remote attackers to read SNMP data: (1) all community strings via SNMP-COMMUNITY-MIB::snmpCommunityName or vacmGroupName via SNMP-VIEW-BASED-ACM-MIB with ...

7.8CVSS6.8AI score0.01411EPSS

Exploits0References3Affected Software2

NVD•added 2009/08/21 2:30 p.m.•16 views

CVE-2008-7023

Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in...

10CVSS6.8AI score0.01809EPSS

Exploits0References4

Cvelist•added 2009/08/21 2:0 p.m.•22 views

CVE-2008-7023

6.8AI score0.01809EPSS

Exploits0References4

CVE•added 2009/08/21 2:0 p.m.•48 views

CVE-2008-7023

The CVE-2008-7023 entry describes an authentication bypass in Aruba Mobility Controller (ArubaOS 3.3.1.16 and possibly other versions) caused by the use of the same default X.509 certificate across installations. This enables remote bypass of authentication. No exploitation details or remediation...

10CVSS7AI score0.01809EPSS

Exploits0References4Affected Software2

seebug.org•added 2009/04/28 12:0 a.m.•27 views

Aruba Mobility Controller基于公钥SSH认证绕过安全限制漏洞

BUGTRAQ ID: 34711 Aruba Mobility Controller可为企业提供移动接入解决方案。 Aruba Mobility Controller允许使用SSH访问控制器的用户通过公钥进行认证。基于密钥的SSH认证组件中的安全漏洞允许用户获得对Aruba Mobility Controller管理帐号的非授权SSH访问。请注意这种认证方式不是默认的，必须手动配置。 Aruba Networks Mobility Controllers 3.3.2.x Aruba Networks Mobility Controllers 3.3.1.x Aruba Networks...

6.9AI score

Exploits0

securityvulns•added 2009/04/27 12:0 a.m.•34 views

Aruba Mobility Controller unauthorized access

Vulnerability in SSH key check allows unauthenticated SSH access to device...

4.9AI score

Exploits0References1Affected Software2

securityvulns•added 2009/04/27 12:0 a.m.•73 views

Aruba Advisory ID: AID-42309 Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication. Aruba Advisory ID: AID-42309 Revision: 1.0 For Public Release on 4/23/2009...

7.5AI score

Exploits0

Prion•added 2008/12/15 6:0 p.m.•15 views

Authentication flaw

Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service device crash via a malformed Extensible Authentication Protocol EAP frame...

7.8CVSS7.2AI score0.02145EPSS

Exploits0References6Affected Software2

NVD•added 2008/12/15 6:0 p.m.•12 views

CVE-2008-5563

7.8CVSS6.7AI score0.02145EPSS

Exploits0References6

Cvelist•added 2008/12/15 5:45 p.m.•21 views

CVE-2008-5563

6.7AI score0.02145EPSS

Exploits0References6

CVE•added 2008/12/15 5:45 p.m.•62 views

CVE-2008-5563

CVE-2008-5563 affects Aruba Mobility Controller versions 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x. The vulnerability allows remote attackers to cause a denial of service (device crash) by sending a malformed EAP frame. The sources consistently describe a network-exposed DoS vector ...

7.8CVSS6.7AI score0.02145EPSS

Exploits0References6Affected Software3

securityvulns•added 2008/12/10 12:0 a.m.•23 views

Aruba Mobility Controller wireless routers DoS

Crash on malformed EAP authentication...

3.4AI score

Exploits0References1Affected Software1

securityvulns•added 2008/12/10 12:0 a.m.•51 views

DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame (Aruba Advisory ID: AID-12808)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame. Aruba Advisory ID: AID-12808 Revision: 1.0 For Public Release on 12/8/2008 +----------------------------------------------------...

0.3AI score

Exploits0

securityvulns•added 2008/11/10 12:0 a.m.•30 views

Aruba Mobility Controller informaton leakage

Knowing any SNMP community with read access it's possible to learn any SNMP community...

3AI score

Exploits0References1

securityvulns•added 2008/11/10 12:0 a.m.•29 views

Aruba Mobility Controller SNMP Community String Disclosure

Aruba Mobility Controller SNMP Community String Disclosure Product: Aruba Mobility Controller http://www.arubanetworks.com/products/mobilitycontrollers.php Aruba mobility controller can be monitored via SNMP. It is possible to learn all configured SNMP community strings as long as at least one of...

1.4AI score

Exploits0

securityvulns•added 2008/09/24 12:0 a.m.•47 views

Aruba Mobility Controller shared certificate

All devices share same certificate with same private key...

3.1AI score

Exploits0References1

Japan Vulnerability Notes•added 2008/05/20 3:0 p.m.•1 views

Aruba Mobility Controller Series cross-site scripting vulnerability

Overview Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens. Impact...

4.3CVSS6.2AI score0.01484EPSS

Exploits0References5

Prion•added 2008/05/16 12:54 p.m.•16 views

Authentication flaw

Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors...

9CVSS7.2AI score0.02297EPSS

Exploits0References6Affected Software1

Prion•added 2008/05/16 12:54 p.m.•10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01223EPSS

Exploits0References6Affected Software1

NVD•added 2008/05/16 12:54 p.m.•13 views

CVE-2008-2272

4.3CVSS5.8AI score0.01223EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by