ArubaOS 22.214.171.124 / 126.96.36.199 SSH Authentication Bypass
High Nessus Plugin ID 78510
SynopsisThe version of ArubaOS has an authentication bypass vulnerability.
DescriptionThe version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not provide 'root' level access, although it could allow the following activities :
- Issue 'show' commands.
- Obtain encrypted password hashes for administrative accounts.
- View the running configuration.
- Add users to the internal user database with 'guest' rights.
SolutionUpgrade to 188.8.131.52 / 184.108.40.206 or downgrade to 220.127.116.11 / 18.104.22.168.