Aruba Mobility Controller Multiple Vulnerabilities

Bugtraq ID:	22538
Class:	Unknown
CVE:	CVE-2007-0932 CVE-2007-0931
Remote:	Yes
Local:	No
Published:	Feb 13 2007 12:00AM
Updated:	Jul 06 2016 02:40PM
Credit:	Jan Münther and Maxim Salomon of n.runs are credited with the discovery of these vulnerabilities.
Vulnerable:	Aruba Networks Aruba Mobility Controller (Firmware) 2.0 Aruba Networks Aruba Mobility Controller 800 Aruba Networks Aruba Mobility Controller 6000 Aruba Networks Aruba Mobility Controller 6.1.2.6 Aruba Networks Aruba Mobility Controller 2400 Alcatel-Lucent OmniAccess Wireless 6000 0 Alcatel-Lucent OmniAccess Wireless 43xx 0
Not Vulnerable:

Aruba Mobility Controller Multiple Vulnerabilities

Aruba Mobility Controller is prone to multiple vulnerabilities that may lead to authentication bypass, remote code execution, denial-of-service conditions.

Aruba Networks Mobility Controller devices with firmware version 2.0 or greater are vulnerable.

Aruba Mobility Controller Multiple Vulnerabilities

Currently we are not aware of any exploits for the buffer-overflow vulnerability. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

To exploit the authentication-bypass vulnerability, an attacker can use the guest account in the vulnerable administrative interface.

Aruba Mobility Controller Multiple Vulnerabilities

Solution:
The vendor has released a patch that addresses these issues. Please see the references for additional information.

Aruba Mobility Controller Multiple Vulnerabilities

References:

• Aruba Networks Homepage (Aruba Networks)
  
• Aruba Networks Support (Aruba Networks)
  
• Aruba Mobility Controller Management Buffer Overflow (n.runs)
  
• Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Accou (n.runs)