PT-2007-6970 · Aruba · Aruba 800 Mobility Controller

Published: 2007-11-20 · Updated: 2018-10-15 · CVE-2007-6054

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Aruba 800 Mobility Controller versions 2.5.4.18 and earlier
Aruba 800 Mobility Controller versions 2.4.8.6-FIPS and earlier

Description

A cross-site scripting (XSS) issue exists in the login page of the management interface, allowing remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the "/screens" URI, related to the url variable.

Recommendations

For Aruba 800 Mobility Controller versions 2.5.4.18 and earlier, update to a version later than 2.5.4.18 to resolve the issue.

For Aruba 800 Mobility Controller versions 2.4.8.6-FIPS and earlier, update to a version later than 2.4.8.6-FIPS to resolve the issue.

As a temporary workaround, consider restricting access to the "/screens" URI in the management interface to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2007-6054

Affected Products

Aruba 800 Mobility Controller