0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Aruba Networks AOS 6.3.1.19 Improper Authentication Vulnerability
[Product: AOS
Manufacturer: Aruba Networks
Affected Version(s): 6.3.1.19
Tested Version(s): 6.3.1.19 on an RAP-3 router
Vulnerability Type: Improper Authentication
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2016-09-06
Solution Date: --
Public Disclosure: 2016-11-07
CVE Reference: Not yet assigned
Author of Advisory: Klaus Tichmann, SySS GmbH
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Overview:
AOS is a Linux-based Operating System designed for routers produced by
Aruba Networks.
Its shell uses a modified variant of the Busybox shell that restricts
the capabilities of the root user until the special command enable and
a password is used.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability Details:
The "enable" protection can be bypassed by pressing the special key
sequence [Esc] [Ctrl]-K. As this is an undocument feature or not
documentation for this feature could be found, the SySS regards this as
a backdoor.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Proof of Concept (PoC):
After entering the special key sequence, the shell emits the message
Switching to Full Access
and grants all permissions in the current shell session.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution:
According to the vendor, the "enable"-functionality is not a security
feature. Therefore, no direct fix will be provided. The vendor
recommends to upgrade to the newest version of the operating system
which allows for disabling of the hardware console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclosure Timeline:
2016-09-01: Vulnerability discovered
2016-09-06: Vulnerability reported to manufacturer
2016-11-07: Public disclusure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
References:
[1] Product information for AOS
http://www.arubanetworks.com/assets/ds/DS_AOS.pdf
[2] Product website for RAP-3WNP
http://www.arubanetworks.com/products/networking/access-points/rap-3/
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
# 0day.today [2025-01-08] #