CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-7023

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile42.98th
Published2009年8月21日
Last Modified2026年4月23日

Vulnerability Description

Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

Affected Platforms (CPE)

🔌
Arubanetworks

Aruba Mobility Controller

All versions
💻
Arubanetworks

Arubaos

= 3.3.1.16

References & Advisories

🔗 http://osvdb.org/51731
🔗 http://www.securityfocus.com/archive/1/496604/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/496622/100/0/threaded
🔗 http://www.securityfocus.com/bid/31336
🔗 http://osvdb.org/51731
🔗 http://www.securityfocus.com/archive/1/496604/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/496622/100/0/threaded
🔗 http://www.securityfocus.com/bid/31336

相关漏洞威胁

CVE-2017-90009.8

ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior...

CVE-2020-246349.8

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networ...

CVE-2020-246339.8

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially ...

CVE-2008-22739.0

Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remot...