CVE-2007-0932
Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.
Los (1) controladores Aruba Mobility versiones 200, 600, 2400 y 6000 y (2) Alcatel-Lucent OmniAccess Wireless versiones 43xx y 6000 implementan de manera inapropiada la autenticaciĆ³n y la asignaciĆ³n de privilegios para la cuenta del invitado, lo que permite a los atacantes remotos acceder a interfaces administrativas o a la WLAN.
Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-02-13 CVE Reserved
- 2007-02-14 CVE Published
- 2024-07-09 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/33185 | Vdb Entry | |
| http://securityreason.com/securityalert/2243 | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/613833 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/459927/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/22538 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32461 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html | 2018-10-16 | |
| http://secunia.com/advisories/24144 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Alcatel-lucent Search vendor "Alcatel-lucent" | Omniaccess Wireless Search vendor "Alcatel-lucent" for product "Omniaccess Wireless" | 43xx Search vendor "Alcatel-lucent" for product "Omniaccess Wireless" and version "43xx" | - |
Affected
| ||||||
| Alcatel-lucent Search vendor "Alcatel-lucent" | Omniaccess Wireless Search vendor "Alcatel-lucent" for product "Omniaccess Wireless" | 6000 Search vendor "Alcatel-lucent" for product "Omniaccess Wireless" and version "6000" | - |
Affected
| ||||||
| Aruba Search vendor "Aruba" | Mobility Controller Search vendor "Aruba" for product "Mobility Controller" | 200 Search vendor "Aruba" for product "Mobility Controller" and version "200" | - |
Affected
| ||||||
| Aruba Search vendor "Aruba" | Mobility Controller Search vendor "Aruba" for product "Mobility Controller" | 800 Search vendor "Aruba" for product "Mobility Controller" and version "800" | - |
Affected
| ||||||
| Aruba Search vendor "Aruba" | Mobility Controller Search vendor "Aruba" for product "Mobility Controller" | 2400 Search vendor "Aruba" for product "Mobility Controller" and version "2400" | - |
Affected
| ||||||
| Aruba Search vendor "Aruba" | Mobility Controller Search vendor "Aruba" for product "Mobility Controller" | 6000 Search vendor "Aruba" for product "Mobility Controller" and version "6000" | - |
Affected
| ||||||