N/A

The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.

N/A

N/A

Aruba Networks ArubaOS SNMP Community String 信息泄露漏洞

Aruba Mobility Controller的ArubaOS 3.3.2.6版本中的SNMP后台程序没有限制对SNMP的访问。远程攻击者可以(1)借助SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2)或SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3)以及通过了解其中一个community字符串来读取所有SNMPcommunity字符串，(2)借助SN

N/A

N/A