Vulnerabilities > CVE-2014-7299 - Unspecified vulnerability in Arubanetworks Arubaos 6.3.11/6.4.2.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
arubanetworks
nessus
NVD
Published: 2014-10-08
Updated: 2014-10-08

Summary

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session.

Vulnerable Configurations

Part Description Count
OS
Arubanetworks
4

Nessus

NASL familyMisc.
NASL idARUBAOS_AUTH_BYPASS_AID-10072014.NASL
descriptionThe version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not provide
last seen2020-06-01
modified2020-06-02
plugin id78510
published2014-10-16
reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/78510
titleArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(78510);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id("CVE-2014-7299");

  script_name(english:"ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass");
  script_summary(english:"Checks the ArubaOS version.");

  script_set_attribute(attribute:"synopsis", value:
"The version of ArubaOS has an authentication bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of ArubaOS has an unspecified vulnerability that allows a
remote attacker to obtain limited administrative privileges without
valid credentials. The vulnerability affects access over SSH. However,
access through WebUI and the serial port is not affected, and the
vulnerability does not provide 'root' level access, although it could
allow the following activities :

  - Issue 'show' commands.

  - Obtain encrypted password hashes for administrative
    accounts.

  - View the running configuration.

  - Add users to the internal user database with 'guest'
    rights.");
  script_set_attribute(attribute:"see_also", value:"https://www.arubanetworks.com/assets/alert/aid-10072014.txt");
  script_set_attribute(attribute:"solution", value:
"Upgrade to 6.3.1.12 / 6.4.2.2  or downgrade to 6.3.1.10 / 6.4.2.0.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:arubanetworks:arubaos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("arubaos_detect.nbin");
  script_require_keys("Host/ArubaNetworks/ArubaOS/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("Host/ArubaNetworks/ArubaOS/version");

# Version may contain -FIPS at the end, unable to verify
chkvers = ereg_replace(pattern:"-FIPS", replace:"", string:version);

fixed = FALSE;
if (chkvers == "6.4.2.1")       fixed = "6.4.2.2";
else if (chkvers == "6.3.1.11") fixed = "6.3.1.12";
if ("FIPS" >< version && fixed) fixed += "-FIPS";

if (fixed)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Installed version : '+version+
      '\n  Fixed version     : '+fixed+
      '\n';
    security_hole(port:0,extra:report);
  }
  else security_hole(port:0);
}
else audit(AUDIT_DEVICE_NOT_VULN, "ArubaOS device", version);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/136997/aruba-nightmare.txt
idPACKETSTORM:136997
last seen2016-12-05
published2016-05-06
reporterGoogle Security Research
sourcehttps://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html
titleAruba Authentication Bypass / Insecure Transport / Tons Of Issues

References