ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The version of ArubaOS has an authentication bypass vulnerability.

Description :

The version of ArubaOS has an unspecified vulnerability that allows a
remote attacker to obtain limited administrative privileges without
valid credentials. The vulnerability affects access over SSH. However,
access through WebUI and the serial port is not affected, and the
vulnerability does not provide 'root' level access, although it could
allow the following activities :

- Issue 'show' commands.

- Obtain encrypted password hashes for administrative
accounts.

- View the running configuration.

- Add users to the internal user database with 'guest'
rights.

See also :

http://www.arubanetworks.com/assets/alert/aid-10072014.txt

Solution :

Upgrade to 6.3.1.12 / 6.4.2.2 or downgrade to 6.3.1.10 / 6.4.2.0.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Misc.

Nessus Plugin ID: 78510 ()

Bugtraq ID:

CVE ID: CVE-2014-7299

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now