The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPE ArubaOS

vulnerability bulletin CVE-2013-2290

ArubaOS: Cross Site Scripting of WebUI

Synthesis of the vulnerability

An attacker can use a malicious Wi-Fi access point, in order to create a Cross Site Scripting in the WebUI interface of ArubaOS.
Impacted products: ArubaOS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: radio connection.
Creation date: 19/03/2013.
Identifiers: aid-042213, BID-58579, CVE-2013-2290, VIGILANCE-VUL-12543.

Description of the vulnerability

A Wi-Fi access point broadcasts its SSID (Service Set Identifier).

The dashboard of ArubaOS WebUI lists SSID. However, the received SSID are not filtered before being inserted in the generated HTML page.

An attacker can therefore use a malicious Wi-Fi access point, in order to create a Cross Site Scripting in the WebUI interface of ArubaOS.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 11461

ArubaOS: bypassing 802.1X via Local Termination

Synthesis of the vulnerability

When EAP-TLS 802.1X uses the Local Termination mode, an attacker can bypass the authentication and access to the service.
Impacted products: ArubaOS.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 20/03/2012.
Identifiers: BID-52656, VIGILANCE-VUL-11461.

Description of the vulnerability

The 802.1X authentication is based on EAP (Extensible Authentication Protocol), and uses an authentication server such as RADIUS. The Local Termination mode does not require an authentication server.

When EAP-TLS 802.1X uses the Local Termination mode, an attacker can bypass the authentication and access to the service.
Full Vigil@nce bulletin... (Free trial)

vulnerability 11460

ArubaOS: command injection via Aruba Remote Access Point Diagnostic

Synthesis of the vulnerability

An unauthenticated attacker can inject commands via the Aruba Remote Access Point Diagnostic web interface, which are executed with root privileges.
Impacted products: ArubaOS.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 20/03/2012.
Identifiers: BID-52570, VIGILANCE-VUL-11460.

Description of the vulnerability

The Aruba Remote Access Point Diagnostic web interface is used by administrators to execute diagnostic commands.

However, parameters which are entered in the web form are not filtered before being inserted in shell commands.

An unauthenticated attacker can therefore inject commands via the Aruba Remote Access Point Diagnostic web interface, which are executed with root privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 10819

ArubaOS: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of Aruba OS, in order to create a Cross Site Scripting, or to redirect Captive Portal users.
Impacted products: ArubaOS.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/07/2011.
Identifiers: 070611, BID-48614, VIGILANCE-VUL-10819.

Description of the vulnerability

Two vulnerabilities were announced in Aruba OS.

An attacker can create an access point with a SSID containing JavaScript code. When the administrator connects to the WebUI interface, and displays the page listing discovered access points, the JavaScript code runs in his browser. [severity:2/4]

The Captive Portal feature can redirect authenticated user to a customized web page. However, an attacker can use a HTTP Response Splitting vulnerability, in order to redirect victims (who click on a malicious link) to another page. [severity:2/4]

An attacker can therefore use two vulnerabilities of Aruba OS, in order to create a Cross Site Scripting, or to redirect Captive Portal users.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 10322

Aruba Mobility Controller: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of Aruba Mobility Controller, in order to create a denial of service or to bypass the authentication.
Impacted products: ArubaOS.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/02/2011.
Identifiers: 013111, BID-46092, BID-46094, VIGILANCE-VUL-10322.

Description of the vulnerability

Two vulnerabilities were announced in Aruba Mobility Controller.

A client can send a malicious 802.11 Probe Request frame, in order to restart the Aruba access point. This frame can be sent before the creation of a Security Association. [severity:2/4; BID-46092]

When the EAP-TLS Dot1X termination is enabled (aaa authentication dot1x ... termination enable, termination eap-type eap-tls) on a WLAN, an attacker can access to the network without authentication. [severity:2/4; BID-46094]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2009-3555

TLS, OpenSSL, GnuTLS: vulnerability of the renegotiation

Synthesis of the vulnerability

A remote attacker can use a vulnerability of TLS in order to insert plain text data during a renegotiation via a man-in-the-middle attack.
Impacted products: Apache httpd, ArubaOS, BES, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco CSS, IOS by Cisco, IOS XR Cisco, IronPort Email, IronPort Management, Cisco Router, Secure ACS, Cisco CallManager, Cisco CUCM, Cisco IP Phone, WebNS, XenApp, XenDesktop, XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, FortiOS, FreeBSD, HP-UX, AIX, WebSphere AS Traditional, IVE OS, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, Mandriva Linux, Mandriva NF, IIS, Windows 2000, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, NSS, NetBSD, NetScreen Firewall, ScreenOS, NLD, OES, OpenBSD, OpenSolaris, OpenSSL, openSUSE, Oracle Directory Server, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Trusted Solaris, ProFTPD, SSL protocol, RHEL, Slackware, Sun AS, SUSE Linux Enterprise Desktop, SLES, TurboLinux, Unix (platform) ~ not comprehensive, ESX.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 10/11/2009.
Identifiers: 1021653, 111046, 273029, 273350, 274990, 6898371, 6898539, 6898546, 6899486, 6899619, 6900117, 977377, AID-020810, BID-36935, c01945686, c01963123, c02079216, CERTA-2011-ALE-005, CERTFR-2017-AVI-392, CERTFR-2019-AVI-325, cisco-sa-20091109-tls, CTX123248, CTX123359, CVE-2009-3555, DSA-1934-1, DSA-2141-1, DSA-2141-2, DSA-2141-4, DSA-2626-1, DSA-3253-1, FEDORA-2009-12229, FEDORA-2009-12305, FEDORA-2009-12606, FEDORA-2009-12750, FEDORA-2009-12775, FEDORA-2009-12782, FEDORA-2009-12968, FEDORA-2009-13236, FEDORA-2009-13250, FEDORA-2010-1127, FEDORA-2010-3905, FEDORA-2010-3929, FEDORA-2010-3956, FEDORA-2010-5357, FEDORA-2010-8742, FEDORA-2010-9487, FEDORA-2010-9518, FG-IR-17-137, FreeBSD-SA-09:15.ssl, HPSBUX02482, HPSBUX02498, HPSBUX02517, JSA10939, KB25966, MDVSA-2009:295, MDVSA-2009:323, MDVSA-2009:337, MDVSA-2010:069, MDVSA-2010:076, MDVSA-2010:076-1, MDVSA-2010:089, MDVSA-2013:019, NetBSD-SA2010-002, openSUSE-SU-2010:1025-1, openSUSE-SU-2010:1025-2, openSUSE-SU-2011:0845-1, PM04482, PM04483, PM04534, PM04544, PM06400, PSN-2011-06-290, PSN-2012-11-767, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0119-01, RHSA-2010:0130-01, RHSA-2010:0155-01, RHSA-2010:0162-01, RHSA-2010:0163-01, RHSA-2010:0164-01, RHSA-2010:0165-01, RHSA-2010:0166-01, RHSA-2010:0167-01, SOL10737, SSA:2009-320-01, SSA:2010-067-01, SSRT090249, SSRT090264, SSRT100058, SUSE-SA:2009:057, SUSE-SA:2010:020, SUSE-SR:2010:008, SUSE-SR:2010:012, SUSE-SR:2011:008, SUSE-SU-2011:0847-1, TLSA-2009-30, TLSA-2009-32, VIGILANCE-VUL-9181, VMSA-2010-0015, VMSA-2010-0015.1, VMSA-2010-0019, VMSA-2010-0019.1, VMSA-2010-0019.2, VMSA-2010-0019.3, VU#120541.

Description of the vulnerability

Transport Layer Security (TLS) is a cryptographic protocol for network transport.

When opening a connection using TLS, a negotiation mechanism allows the client and server to agree on the encryption algorithm to use.

The protocol allows for renegotiation at any time during the connection. However, the handling of those renegotiations has a vulnerability.

A remote attacker can therefore exploit this vulnerability in order to insert plain text data via a man-in-the-middle attack.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 9127

ArubaOS: denial of service via 802.11 Association Request

Synthesis of the vulnerability

An attacker can send a malformed 802.11 Association Request frame, in order to restart ArubaOS.
Impacted products: ArubaOS.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: radio connection.
Creation date: 27/10/2009.
Identifiers: AID-102609, BID-36832, VIGILANCE-VUL-9127.

Description of the vulnerability

The 802.11 protocol (Wi-Fi) uses several Management type frames:
 - Association Request (0) : negotiation of parameters, before any authentication
 - Beacon (8) : periodical publication of the SSID
 - Authentication (11)
 - etc.

When an ArubaOS access point receives a malformed Association Request frame, it restarts.

An attacker can therefore send a malformed 802.11 Association Request frame, in order to create a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 8671

Aruba Mobility Controller: access via SSH

Synthesis of the vulnerability

When a public/private key SSH authentication is enabled in Aruba Mobility Controller, a vulnerability can bypass it.
Impacted products: ArubaOS.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 27/04/2009.
Identifiers: AID-42309, BID-34711, VIGILANCE-VUL-8671.

Description of the vulnerability

The administrator can login to Aruba Mobility Controller via SSH using various authentication methods:
 - login and password (used by default)
 - public/private key
 - etc.

When a public/private key authentication is enabled, a vulnerability can bypass it.

An attacker can therefore login to Aruba Mobility Controller via SSH.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2008-5563

ArubaOS: denial of service via EAP

Synthesis of the vulnerability

An attacker can send a malicious EAP frame in order to create a denial of service in Aruba Mobility Controller.
Impacted products: ArubaOS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: radio connection.
Creation date: 09/12/2008.
Identifiers: AID-12808, BID-32694, CVE-2008-5563, VIGILANCE-VUL-8298.

Description of the vulnerability

The EAP (Extensible Authentication Protocol) protocol is used for the standard or wireless (802.11 with WPA and WPA2 Enterprise) authentication.

When Aruba Mobility Controller receives a malicious EAP frame, the current process stops.

A new process is automatically restarted, and thus the denial of service is temporary.

An attacker can therefore send a malicious EAP frame in order to create a denial of service in Aruba Mobility Controller.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about HPE ArubaOS: