Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20848
HistoryNov 10, 2008 - 12:00 a.m.

Aruba Mobility Controller SNMP Community String Disclosure

2008-11-1000:00:00
vulners.com
9
JSON

Aruba Mobility Controller SNMP Community String Disclosure

Product:

Aruba Mobility Controller
http://www.arubanetworks.com/products/mobility_controllers.php

Aruba mobility controller can be monitored via SNMP. It is possible to learn all configured SNMP community strings as long
as at least one of them is known to the attacker. This can be accomplished by walking OID branch
SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName
(1.3.6.1.6.3.16.1.2.1.3).

While the vulnerability is not in any way exposing the Aruba controller itself, the disclosure may lead to unauthorized
access to other devices for which the attacker originally did not possess valid community strings.

Similarly it is possible to enumerate SNMPv3 users by inspecting SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB but the
passwords are not disclosed. This means that only noAuthNoPriv users represent an immediate exposure.

The vulnerability has been identified in ArubaOS version 3.3.2.6 but previous versions are also likely affected.

Solution:
Do not rely solely on SNMP community strings to separate access by different clients. Where impractical, use unique
community strings for the Aruba infrastructure.

Found by:
nnposter

JSON