CyberSec.Space Logo
Back to CVE Browser

CVE-2008-7023

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile42.98th
PublishedAug 21, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

Affected Platforms (CPE)

πŸ”Œ
Arubanetworks

Aruba Mobility Controller

All versions
πŸ’»
Arubanetworks

Arubaos

= 3.3.1.16

References & Advisories

πŸ”— http://osvdb.org/51731
πŸ”— http://www.securityfocus.com/archive/1/496604/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/496622/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/31336
πŸ”— http://osvdb.org/51731
πŸ”— http://www.securityfocus.com/archive/1/496604/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/496622/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/31336

Related Vulnerabilities

CVE-2017-90009.8

ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior...

CVE-2020-246349.8

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networ...

CVE-2020-246339.8

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially ...

CVE-2008-22739.0

Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remot...