CVE-2008-7095

The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.

Published: Aug 27, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-7095
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
arubanetworks / aruba_mobility_controller	-	-
arubanetworks / arubaos	3.3.2.6	3.3.2.6.x

http://osvdb.org/51916
http://www.securityfocus.com/archive/1/498033/100/0/threaded
http://www.securityfocus.com/bid/32102

Vulnerability Database

289,697

CVE-2008-7095