CVE-2008-7095
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.
Demonio en ArubaOS v3.3.2.6 en Aruba Mobility Controller no restringe el acceso SNMP, lo que permite a los atacantes remotos (1) leer todas las cadenas de caracteres SNMP de la comunidad a través SNMP-COMMUNITY-MIB::snmpCommunityName (v1.3.6.1.6.3.18.1.1.1.2) o SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (v1.3.6.1.6.3.16.1.2.1.3) con conocimiento de una cadena de caracteres de la comunidad, y (2) leer SNMPv3 nombres de usuario a través SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-08-27 CVE Reserved
- 2009-08-27 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/51916 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/498033/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/32102 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Arubanetworks Search vendor "Arubanetworks" | Aruba Mobility Controller Search vendor "Arubanetworks" for product "Aruba Mobility Controller" | * | - |
Affected
| in | Arubanetworks Search vendor "Arubanetworks" | Arubaos Search vendor "Arubanetworks" for product "Arubaos" | 3.3.2.6 Search vendor "Arubanetworks" for product "Arubaos" and version "3.3.2.6" | - |
Affected
|