CVE-2008-7023Arubaos vulnerability

CWE-3103 documents3 sources
Severity
10.0CRITICALNVD
EPSS
0.4%
top 40.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Arubaos
Timeline
PublishedAug 21
Latest updateMay 14

Description

Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDarubanetworks/arubaos3.3.1.16

🔴Vulnerability Details

2
GHSA
GHSA-9833-hjvv-3qpp: Aruba Mobility Controller running ArubaOS 32022-05-14
CVEList
CVE-2008-7023: Aruba Mobility Controller running ArubaOS 32009-08-21
CVE-2008-7023 — Arubanetworks Arubaos vulnerability | cvebase