6.4.2.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

arubanetworks

nessus

NVD

Published: 2014-10-08

Updated: 2014-10-08

Summary

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain potentially sensitive information or add guest accounts, via an SSH session.

Vulnerable Configurations

Part	Description	Count
OS	Arubanetworks Arubanetworks Arubaos 6.3.11 Arubanetworks Arubaos 6.4.2.1	4

Nessus

NASL family	Misc.
NASL id	ARUBAOS_AUTH_BYPASS_AID-10072014.NASL
description	The version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not provide
last seen	2020-06-01
modified	2020-06-02
plugin id	78510
published	2014-10-16
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78510
title	ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(78510); script_version("1.8"); script_cvs_date("Date: 2019/11/25"); script_cve_id("CVE-2014-7299"); script_name(english:"ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass"); script_summary(english:"Checks the ArubaOS version."); script_set_attribute(attribute:"synopsis", value: "The version of ArubaOS has an authentication bypass vulnerability."); script_set_attribute(attribute:"description", value: "The version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not provide 'root' level access, although it could allow the following activities : - Issue 'show' commands. - Obtain encrypted password hashes for administrative accounts. - View the running configuration. - Add users to the internal user database with 'guest' rights."); script_set_attribute(attribute:"see_also", value:"https://www.arubanetworks.com/assets/alert/aid-10072014.txt"); script_set_attribute(attribute:"solution", value: "Upgrade to 6.3.1.12 / 6.4.2.2 or downgrade to 6.3.1.10 / 6.4.2.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/07"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/16"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:arubanetworks:arubaos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("arubaos_detect.nbin"); script_require_keys("Host/ArubaNetworks/ArubaOS/version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("Host/ArubaNetworks/ArubaOS/version"); # Version may contain -FIPS at the end, unable to verify chkvers = ereg_replace(pattern:"-FIPS", replace:"", string:version); fixed = FALSE; if (chkvers == "6.4.2.1") fixed = "6.4.2.2"; else if (chkvers == "6.3.1.11") fixed = "6.3.1.12"; if ("FIPS" >< version && fixed) fixed += "-FIPS"; if (fixed) { if (report_verbosity > 0) { report = '\n Installed version : '+version+ '\n Fixed version : '+fixed+ '\n'; security_hole(port:0,extra:report); } else security_hole(port:0); } else audit(AUDIT_DEVICE_NOT_VULN, "ArubaOS device", version);

Packetstorm

data source	https://packetstormsecurity.com/files/download/136997/aruba-nightmare.txt
id	PACKETSTORM:136997
last seen	2016-12-05
published	2016-05-06
reporter	Google Security Research
source	https://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html
title	Aruba Authentication Bypass / Insecure Transport / Tons Of Issues

References

http://www.arubanetworks.com/support/alerts/aid-10072014.txt