CVE-2016-2032 – Aruba Authentication Bypass / Insecure Transport / Tons Of Issues

https://notcve.org/view.php?id=CVE-2016-2032

A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 Se presenta una vulnerabilidad en Aruba AirWave Management Platform versiones 8.x anteriores a 8.2, en la interfaz de administración de un componente de un sistema subyacente llamado RabbitMQ, lo que podría permitir a un usuario malicioso obtener información confidencial. Esta interfaz escucha sobre los puertos TCP 15672 y 55672 Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. • http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html http://seclists.org/fulldisclosure/2016/May/19 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt https://www.google.com/about/appsecurity/research • CWE-287: Improper Authentication •