A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.
Weakness
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Arubaos | Arubanetworks | 6.5.4.0 (including) | 8.10.0.21 (including) |
| Arubaos | Arubanetworks | 8.11.0.0 (including) | 8.12.0.6 (including) |
| Arubaos | Arubanetworks | 8.13.0.0 (including) | 8.13.1.1 (including) |
| Arubaos | Arubanetworks | 10.3.0.0 (including) | 10.4.1.10 (including) |
| Arubaos | Arubanetworks | 10.5.0.0 (including) | 10.7.2.2 (including) |
| Arubaos | Arubanetworks | 10.8.0.0 (including) | 10.8.0.0 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/466.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/589.html
- https://cwe.mitre.org/data/definitions/590.html
- https://cwe.mitre.org/data/definitions/612.html
- https://cwe.mitre.org/data/definitions/613.html
- https://cwe.mitre.org/data/definitions/615.html
- https://cwe.mitre.org/data/definitions/662.html
- https://cwe.mitre.org/data/definitions/94.html
References
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US