ID CVE-2008-5563
Summary Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame. http://secunia.com/advisories/33057 Note: When using wireless, this only affects devices running in WPA/WPA2 Enterprise modes. The vulnerability is reported in ArubaOS 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x.
References
Vulnerable Configurations
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.4.8:*:fips:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.4.8:*:fips:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.4.8.5:*:fips:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.4.8.5:*:fips:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.4.8.6:*:fips:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.4.8.6:*:fips:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.4.8.11:*:fips:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.4.8.11:*:fips:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.2.11:*:*:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.4.17:*:*:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.4.17:*:*:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.4.18:*:*:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.4.18:*:*:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.4.25:*:*:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.4.25:*:*:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.5:*:*:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.5.7:*:*:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.5.7:*:*:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.6:*:*:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controller:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controller:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:aruba_networks:aruba_mobility_controllers:3.1.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:aruba_networks:aruba_mobility_controllers:3.1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.1.1.0:*:fips:*:*:*:*:*
    cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.1.1.0:*:fips:*:*:*:*:*
  • cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.1.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.3.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.3.1.6:*:*:*:*:*:*:*
    cpe:2.3:o:arubanetworks:aruba_mobility_controller:3.3.1.6:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 11-10-2018 - 20:56)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 32694
bugtraq 20081208 DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame (Aruba Advisory ID: AID-12808)
confirm http://www.arubanetworks.com/support/alerts/aid-12808.asc
sectrack 1021362
secunia 33057
sreason 4728
Last major update 11-10-2018 - 20:56
Published 15-12-2008 - 18:00
Back to Top