HIGH🇵🇱 Wersja polska

CVE-2008-7023

CVSS 10.0v2.0pub. 2009-08-21upd. 2026-04-23

Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Arubanetworks Aruba Mobility Controller

    HW
    Arubanetworks
    wszystkie wersje
  • Arubanetworks Arubaos

    OS
    Arubanetworks
    3.3.1.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-42395CRITICAL9.8PL ✓ten sam produkt

RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)

CVE-2024-42394CRITICAL9.8PL ✓ten sam produkt

RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)

CVE-2024-42393CRITICAL9.8PL ✓ten sam produkt

RCE w Soft AP Daemon Service — ArubaOS i InstantOS

CVE-2024-31469CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w usłudze Central Communications Aruba – nieuwierzytelnione RCE

CVE-2024-31467CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w CLI service ArubaOS/InstantOS umożliwiający zdalny RCE