Test ID:	1.3.6.1.4.1.25623.1.0.105657
Category:	General
Title:	ArubaOS Multiple Vulnerabilities (ARUBA-PSA-2015-011)
Summary:	ArubaOS is prone to multiple vulnerabilities.
Description:	Summary: ArubaOS is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - A reflected cross-site scripting vulnerability is present in the a monitoring page in the WebUI. If an administrator were tricked into clicking on a malicious URL while logged into an Aruba controller's management interface, this vulnerability could potentially reveal a session cookie. - Most configuration-related pages in the ArubaOS management UI are protected against cross-site request forgery (CSRF) through the use of a unique, random token. It was found that certain operations which could reveal sensitive information, such as the controller configuration file, were not protected against CSRF. If an administrator were tricked into clicking on a malicious URL while logged into an Aruba controller's management interface, this vulnerability could leak sensitive information to an attacker. - Sending a specific malformed wireless frame to an AP-225 may cause the AP to reboot. Aruba inadvertently documented this in ArubaOS release notes before a security advisory could be issued. Affected Software/OS: - ArubaOS 6.3 up to, but not including, 6.3.1.19 - ArubaOS 6.4 up to, but not including, 6.4.2.13 and 6.4.3.4 Solution: Update to version 6.3.1.19, 6.4.2.13, 6.4.3.4, 6.4.4.0 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5437
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.