ArubaOS Multiple Vulnerabilities (ARUBA-PSA-2015-011) CVE-2015-5437

Severity: Not available
CVSSv3 Score: Not available
Vulnerability description

ArubaOS is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- A reflected cross-site scripting vulnerability is present in a monitoring page in the WebUI. If an administrator were tricked into clicking on a malicious URL while logged into an Aruba controller's management interface, this vulnerability could potentially reveal a session cookie.
- Most configuration-related pages in the ArubaOS management UI are protected against cross-site request forgery (CSRF) through the use of a unique, random token. It was found that certain operations which could reveal sensitive information, such as the controller configuration file, were not protected against CSRF. If an administrator were tricked into clicking on a malicious URL while logged into an Aruba controller's management interface, this vulnerability could leak sensitive information to an attacker.
- Sending a specific malformed wireless frame to an AP-225 may cause the AP to reboot. Aruba inadvertently documented this in ArubaOS release notes before a security advisory could be issued.

Recommendation

Update to version 6.3.1.19, 6.4.2.13, 6.4.3.4, 6.4.4.0 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: May 11, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available