CVE-2016-2032 – Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
https://notcve.org/view.php?id=CVE-2016-2032
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 Se presenta una vulnerabilidad en Aruba AirWave Management Platform versiones 8.x anteriores a 8.2, en la interfaz de administración de un componente de un sistema subyacente llamado RabbitMQ, lo que podría permitir a un usuario malicioso obtener información confidencial. Esta interfaz escucha sobre los puertos TCP 15672 y 55672 Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. • http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html http://seclists.org/fulldisclosure/2016/May/19 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt https://www.google.com/about/appsecurity/research • CWE-287: Improper Authentication •
CVE-2014-8368
https://notcve.org/view.php?id=CVE-2014-8368
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. La interfaz web en Aruba Networks AirWave anterior a 7.7.14 y 8.x anterior a 8.0.5 permite a usuarios remotos autenticados ganar privilegios y ejecutar código arbitrario a través de vectores no especificados. • http://secunia.com/advisories/62578 http://www.arubanetworks.com/support/alerts/aid-11192014.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/98871 • CWE-264: Permissions, Privileges, and Access Controls •