CVE-2009-3836 - ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows

CVE-2009-3836

Summary

ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.

References

Vulnerable Configurations

cpe:2.3:o:arubanetworks:arubaos:3.1.1:rn:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.1.1:rn:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.1.16:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.1.16:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.1.29:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.1.29:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.1.30:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.1.30:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.2.6:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.2.6:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.2.14:fips:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.3.2.14:fips:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.4.0:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:3.4.0:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_mobility_controller:*:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:aruba_mobility_controller:*:*:*:*:*:*:*:*

CVSS

Base:	6.1 (as of 09-11-2009 - 05:00)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:A/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	36832
confirm	http://www.arubanetworks.com/support/alerts/aid-102609.asc
secunia	37085
vupen	ADV-2009-3051

Last major update

09-11-2009 - 05:00

Published

02-11-2009 - 15:30

Last modified

09-11-2009 - 05:00