Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CArubanetworks Aruba Mobility Controller
HWArubanetworkswszystkie wersjeArubanetworks Arubaos
OSArubanetworks3.3.1.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References
Related vulnerabilities
CVE-2024-42395CRITICAL9.8PL ✓ten sam produkt
RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)
CVE-2024-42394CRITICAL9.8PL ✓ten sam produkt
RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)
CVE-2024-42393CRITICAL9.8PL ✓ten sam produkt
RCE w Soft AP Daemon Service — ArubaOS i InstantOS
CVE-2024-31469CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w usłudze Central Communications Aruba – nieuwierzytelnione RCE
CVE-2024-31467CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w CLI service ArubaOS/InstantOS umożliwiający zdalny RCE