CVE-2008-7095

The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:arubanetworks:aruba_mobility_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.2.6:*:*:*:*:*:*:*

Information

Published : 2009-08-27 11:30

Updated : 2018-10-11 13:58


NVD link : CVE-2008-7095

Mitre link : CVE-2008-7095


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

arubanetworks

  • arubaos
  • aruba_mobility_controller