CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2007-0932 – Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
https://notcve.org/view.php?id=CVE-2007-0932
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. Los (1) controladores Aruba Mobility versiones 200, 600, 2400 y 6000 y (2) Alcatel-Lucent OmniAccess Wireless versiones 43xx y 6000 implementan de manera inapropiada la autenticación y la asignación de privilegios para la cuenta del invitado, lo que permite a los atacantes remotos acceder a interfaces administrativas o a la WLAN. Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html http://osvdb.org/33185 http://secunia.com/advisories/24144 http://securityreason.com/securityalert/2243 http://www.kb.cert.org/vuls/id/613833 http://www.securityfocus.com/archive/1/459927/100/0/threaded http://www.securityfocus.com/bid/22538 https://exchange.xforce.ibmcloud.com/vulnerabilities/32461 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 1CVE-2003-1108
https://notcve.org/view.php?id=CVE-2003-1108
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. • http://www.cert.org/advisories/CA-2003-06.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip http://www.kb.cert.org/vuls/id/528719 http://www.securityfocus.com/bid/6904 https://exchange.xforce.ibmcloud.com/vulnerabilities/11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5831 •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0CVE-2002-2148
https://notcve.org/view.php?id=CVE-2002-2148
Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response. • http://online.securityfocus.com/archive/1/284650 http://www.iss.net/security_center/static/9704.php http://www.securityfocus.com/bid/5335 •
CVSS: 5.0EPSS: 3%CPEs: 3EXPL: 2CVE-2002-2149 – Lucent Access Point 300/600/1500 IP Services Router - Long HTTP Request Denial of Service
https://notcve.org/view.php?id=CVE-2002-2149
Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Routers allows remote attackers to cause a denial of service (reboot) via a long HTTP request to the administrative interface. • https://www.exploit-db.com/exploits/21656 http://online.securityfocus.com/archive/1/284649 http://www.iss.net/security_center/static/9705.php http://www.securityfocus.com/bid/5333 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2002-1691
https://notcve.org/view.php?id=CVE-2002-1691
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access. • http://marc.info/?l=bugtraq&m=101413767925869&w=2 http://www.securityfocus.com/bid/4127 https://exchange.xforce.ibmcloud.com/vulnerabilities/8224 •