CVE-2016-2031 — CRITICAL (9.8)

Q: How severe is CVE-2016-2031?

CVE-2016-2031 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-2031?

Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Airwave, Arubanetworks Aruba Instant, Arubanetworks Arubaos, Siemens Scalance W1750D Firmware, Siemens Scalance W1750D.

Vulnerability Description

Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Arubanetworks	Airwave	< 8.2.0.0
Arubanetworks	Aruba Instant	< 4.1.3.0
Arubanetworks	Arubaos	All versions
Siemens	Scalance W1750D Firmware	All versions
Siemens	Scalance W1750D	-

Related Weaknesses (CWE)

CWE-20

References

http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-InsecureExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2016/May/19ExploitMailing ListThird Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txtVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdfThird Party Advisory
https://www.securityfocus.com/bid/90207Broken Link
http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-InsecureExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2016/May/19ExploitMailing ListThird Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txtVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdfThird Party Advisory
https://www.securityfocus.com/bid/90207Broken Link

FAQ

What is CVE-2016-2031?

CVE-2016-2031 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious...

How severe is CVE-2016-2031?

CVE-2016-2031 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-2031?

Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Airwave, Arubanetworks Aruba Instant, Arubanetworks Arubaos, Siemens Scalance W1750D Firmware, Siemens Scalance W1750D.