Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7095

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-7095
Last Modified 28 Aug 2009 12:00:00
Published 27 Aug 2009 02:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7095

Summary

The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.

Vulnerable Systems

Operating System

  • Arubanetworks Arubaos 3.3.2.6


References

BID - 32102

BUGTRAQ - 20081104 Aruba Mobility Controller SNMP Community String Disclosure

OSVDB - 51916


Last Updated: 27 May 2016 10:49:28