CVE-2007-0932

Aruba Authentication Bypass / Insecure Transport / Tons Of Issues

  • Severity Score: 7.5 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.

Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-02-13 CVE Reserved
  • 2007-02-14 CVE Published
  • 2024-07-09 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Alcatel-lucent | Omniaccess Wireless | 43xx | - | Affected |
| Alcatel-lucent | Omniaccess Wireless | 6000 | - | Affected |
| Aruba | Mobility Controller | 200 | - | Affected |
| Aruba | Mobility Controller | 800 | - | Affected |
| Aruba | Mobility Controller | 2400 | - | Affected |
| Aruba | Mobility Controller | 6000 | - | Affected |