CVE-2008-5563 — Improper Input Validation in Networks Aruba Mobility Controller

CWE-399 CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.8HIGHNVD

EPSS

1.8%

top 17.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aruba Networks Aruba Mobility Controller Aruba Networks Aruba Mobility Controllers Arubanetworks Aruba Mobility Controller

Timeline

PublishedDec 15

Latest updateMay 14

Description

Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDarubanetworks/aruba_mobility_controller5 versions+4

▶NVDaruba_networks/aruba_mobility_controller12 versions+11

▶NVDaruba_networks/aruba_mobility_controllers3.1.1.3

🔴Vulnerability Details

GHSA

GHSA-8pm7-x4vr-pg77: Aruba Mobility Controller 2↗2022-05-14

▶

CVEList

CVE-2008-5563: Aruba Mobility Controller 2↗2008-12-15

▶

💥Exploits & PoCs

Exploit-DB

TFTP Server 1.4 - ST 'RRQ' Remote Buffer Overflow↗2012-01-10

▶

📐Framework References

CWE

Improper Input Validation↗

▶