PT-2020-16956 · Netscout · Netscout Airmagnet Enterprise

Published: 2020-12-03 · Updated: 2021-07-21 · CVE-2020-28251

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

NETSCOUT AirMagnet Enterprise versions 11.1.4 build 37257 and earlier

Description

The issue allows an attacker to gain administrative access to a sensor and subsequently invoke a command to obtain root access to the operating system. This can be achieved by completing a straightforward password-cracking exercise, which suggests that the vulnerability can be exploited with relative ease.

Recommendations

For NETSCOUT AirMagnet Enterprise versions 11.1.4 build 37257 and earlier, consider restricting access to the sensor and its associated commands to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the use of administrative credentials and ensure that all passwords are complex and not easily guessable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2020-28251

Affected Products

Netscout Airmagnet Enterprise