Bugtraq: Aruba Mobility Controller SNMP Community String Disclosure

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Aruba Mobility Controller SNMP Community String Disclosure

From: nnposter () disclosed not
Date: 4 Nov 2008 15:10:58 -0000

Aruba Mobility Controller SNMP Community String Disclosure


Product:

Aruba Mobility Controller
http://www.arubanetworks.com/products/mobility_controllers.php


Aruba mobility controller can be monitored via SNMP. It is possible to learn all configured SNMP community strings as 
long as at least one of them is known to the attacker. This can be accomplished by walking OID branch 
SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName 
(1.3.6.1.6.3.16.1.2.1.3).

While the vulnerability is not in any way exposing the Aruba controller itself, the disclosure may lead to unauthorized 
access to other devices for which the attacker originally did not possess valid community strings.

Similarly it is possible to enumerate SNMPv3 users by inspecting SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB but 
the passwords are not disclosed. This means that only noAuthNoPriv users represent an immediate exposure.


The vulnerability has been identified in ArubaOS version 3.3.2.6 but previous versions are also likely affected.


Solution:
Do not rely solely on SNMP community strings to separate access by different clients. Where impractical, use unique 
community strings for the Aruba infrastructure.


Found by:
nnposter

By Date By Thread

Current thread:

Aruba Mobility Controller SNMP Community String Disclosure nnposter (Nov 04)