Vulnerability Description
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Aruba Mobility Controller | All versions |
| Arubanetworks | Arubaos | 3.3.2.6 |
Related Weaknesses (CWE)
References
- http://osvdb.org/51916
- http://www.securityfocus.com/archive/1/498033/100/0/threaded
- http://www.securityfocus.com/bid/32102
- http://osvdb.org/51916
- http://www.securityfocus.com/archive/1/498033/100/0/threaded
- http://www.securityfocus.com/bid/32102
FAQ
What is CVE-2008-7095?
CVE-2008-7095 is a vulnerability with a CVSS score of 7.8 (HIGH). The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunit...
How severe is CVE-2008-7095?
CVE-2008-7095 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7095?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Aruba Mobility Controller, Arubanetworks Arubaos.