PT-2008-6624 · Aruba · Aruba Mobility Controller

Robbie Gill

Published

2008-12-15

Updated

2018-10-11

CVE-2008-5563

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Aruba Mobility Controller versions 2.4.8.x-FIPS through 3.3.2.x

Description The issue allows remote attackers to cause a denial of service, resulting in a device crash, by sending a malformed Extensible Authentication Protocol (EAP) frame.

Recommendations For versions 2.4.8.x-FIPS through 3.3.2.x, consider restricting access to EAP frames until a patch is available. As a temporary workaround, disabling EAP authentication may help minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2008-5563

Affected Products

Aruba Mobility Controller

PT-2008-6624 · Aruba · Aruba Mobility Controller

CVE-2008-5563

Weakness Enumeration

Related Identifiers

Affected Products

References · 7