PT-2009-2564 · Aruba · Arubaos

Published: 2009-08-27 · Updated: 2018-10-11 · CVE-2008-7095

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ArubaOS version 3.3.2.6

Description

The SNMP daemon does not properly restrict SNMP access. A remote attacker who knows one community string can read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3). Attackers can also read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.

Recommendations

As a temporary workaround until a patch is available, restrict access to the SNMP daemon to minimize the risk of exploitation. Avoid using the snmpCommunityName and vacmGroupName variables in the affected MIBs until the issue is resolved.

Fix


Weakness Enumeration

Related Identifiers

CVE-2008-7095

Affected Products

Arubaos