exploitDog

CVE-2008-7095

Опубликовано: 27 авг. 2009

Источник: nvd

CVSS2: 7.8

EPSS Низкий

Описание

The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:h:arubanetworks:aruba_mobility_controller:*:*:*:*:*:*:*:*

cpe:2.3:o:arubanetworks:arubaos:3.3.2.6:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00304

Низкий

7.8 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-gv7w-55hp-ch9m

github

больше 3 лет назад

The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.

EPSS

Процентиль: 53%

0.00304

Низкий

7.8 High

CVSS2

Дефекты

CWE-264