Lucene search

[email protected]CVE-2007-0932

HistoryFeb 14, 2007 - 11:28 a.m.

CVE-2007-0932

2007-02-1411:28:00

CWE-264

[email protected]

web.nvd.nist.gov

aruba

alcatel-lucent

wireless

authentication

vulnerability

cve-2007-0932

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.4%

JSON

The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.

Affected configurations

NVD

Node

alcatel-lucentomniaccess_wirelessMatch43xx

alcatel-lucentomniaccess_wirelessMatch6000

arubamobility_controllerMatch200

arubamobility_controllerMatch800

arubamobility_controllerMatch2400

arubamobility_controllerMatch6000

CPENameOperatorVersion
alcatel-lucent:omniaccess_wirelessalcatel-lucent omniaccess wirelesseq43xx
alcatel-lucent:omniaccess_wirelessalcatel-lucent omniaccess wirelesseq6000
aruba:mobility_controlleraruba mobility controllereq200
aruba:mobility_controlleraruba mobility controllereq800
aruba:mobility_controlleraruba mobility controllereq2400
aruba:mobility_controlleraruba mobility controllereq6000

CPE	Name	Operator	Version
alcatel-lucent:omniaccess_wireless	alcatel-lucent omniaccess wireless	eq	43xx
alcatel-lucent:omniaccess_wireless	alcatel-lucent omniaccess wireless	eq	6000
aruba:mobility_controller	aruba mobility controller	eq	200
aruba:mobility_controller	aruba mobility controller	eq	800
aruba:mobility_controller	aruba mobility controller	eq	2400
aruba:mobility_controller	aruba mobility controller	eq	6000

References

lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html

osvdb.org/33185

secunia.com/advisories/24144

securityreason.com/securityalert/2243

www.kb.cert.org/vuls/id/613833

www.securityfocus.com/archive/1/459927/100/0/threaded

www.securityfocus.com/bid/22538

exchange.xforce.ibmcloud.com/vulnerabilities/32461

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2007-0932

prion1 nvd1 cvelist1 securityvulns1 packetstorm1