CVE-2007-0932 – Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
https://notcve.org/view.php?id=CVE-2007-0932
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html http://osvdb.org/33185 http://secunia.com/advisories/24144 http://securityreason.com/securityalert/2243 http://www.kb.cert.org/vuls/id/613833 http://www.securityfocus.com/archive/1/459927/100/0/threaded http://www.securityfocus.com/bid/22538 https://exchange.xforce.ibmcloud.com/vulnerabilities/32461 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2004-2377
https://notcve.org/view.php?id=CVE-2004-2377
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled. • http://secunia.com/advisories/10981 http://securitytracker.com/id?1009211 http://www.osvdb.org/4064 http://www.securityfocus.com/archive/1/355134 http://www.securityfocus.com/bid/9745 https://exchange.xforce.ibmcloud.com/vulnerabilities/15318 •
CVE-2003-1108
https://notcve.org/view.php?id=CVE-2003-1108
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. • http://www.cert.org/advisories/CA-2003-06.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip http://www.kb.cert.org/vuls/id/528719 http://www.securityfocus.com/bid/6904 https://exchange.xforce.ibmcloud.com/vulnerabilities/11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5831 •
CVE-2002-1691
https://notcve.org/view.php?id=CVE-2002-1691
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access. • http://marc.info/?l=bugtraq&m=101413767925869&w=2 http://www.securityfocus.com/bid/4127 https://exchange.xforce.ibmcloud.com/vulnerabilities/8224 •
CVE-2002-1272
https://notcve.org/view.php?id=CVE-2002-1272
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. • http://www.cert.org/advisories/CA-2002-32.html http://www.kb.cert.org/vuls/id/181721 http://www.securityfocus.com/bid/6220 https://exchange.xforce.ibmcloud.com/vulnerabilities/10664 •