AAA, NAC, Guest Access & BYOD

Possible Vulnerabilities in 2U/4U NAC Appliances

by on ‎07-04-2014 10:57 AM

 

Product and Software: This article applies to all 2U and 4U ECS product and software versions.

2U and 4U NAC appliances are vulnerable in the scenarios described in this document. For each vulnerability, the associated impact is described.

Vulnerability #1:
UserDir directive in the 'Apache/httpd.conf' file

Impact:
Unauthorized remote users can implement brute force attacks on the Web server to guess a valid account name on the server. Even though they may be successful in obtaining a valid account, they will still have to guess the password. However, if user passwords are weak, some services can also be brute forced.
___________

Vulnerability #2:

Server supports weak encryption on port 8443

Impact:
An attacker can exploit this vulnerability to decrypt secure communications without authorization.
___________

Vulnerability #3:
SSL Server allows Cleartext Communication Vulnerability port 8443/TCP over SSL


Impact:
An attacker can exploit this vulnerability to read apparently secure communication.
___________

Vulnerability #4:
SSL Server allows Anonymous Authentication Vulnerability port 8443/TCP over SSL


Impact:
An attacker can exploit this vulnerability to impersonate your server to clients.
___________

Vulnerability #5:
Web Server HTTP Trace/Track method support cross-site tracing vulnerability port 80/TCP


Impact:
If this vulnerability is successfully exploited, users of the web server can lose their authentication credentials for the server and/or for the web applications hosted by the server to an attacker. This may be the case even if the web applications are not vulnerable to cross-site scripting attacks due to input validation errors.
___________

Vulnerability #6:
Discovery of Unix Account Names Vulnerability port 80/TCP


Impact:
Unauthorized remote users can implement brute force attacks on the web server to guess a valid account name on the server. Even though they may be successful in obtaining a valid account, they will still have to guess the password. However, if user passwords are weak, some services can also be brute forced.
___________

Vulnerability #7:
ISC BIND 9 Remote Denial of Service (DoS1 bug) Vulnerability port 53/TCP


Impact:
By exploiting this vulnerability, a malicious user can initiate a denial of service attack.
___________

Vulnerability #8:
NTP Information Disclosure Vulnerability port 123/UDP


Impact:
A remote user can obtain sensitive information about the host by querying various variables. The information obtained can aid in further attacks against the system.
___________

Vulnerability #9:
Webmin/Usermin Unspecified Information Disclosure Vulnerability port 10000/TCP


Impact:
An attacker can exploit this issue to retrieve potentially sensitive information.
___________

Vulnerability #10:
Apache HTTP Server Multiple Vulnerabilities port 80/TCP


Impact:
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This can facilitate the theft of cookie-based authentication credentials as well as other attacks.
___________

Vulnerability #11:
RPC vulnerabilities on Port 111


Impact:
Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they can exploit them.
___________

Vulnerability #12:
SSH version 1


Impact:
SSHv1 is open to denial of service (DoS) attacks. If SSHv1 is exploited, it can allow unwanted remote access, therefore compromising data.
___________

Vulnerability #13:
Telnet


Impact:
Telnet can allow an attacker to get daemon service information if properly exploited. Telnet is not a secure method of performing remote administration and management.
___________

Vulnerability #14:
FTP


Impact:
FTP is a very insecure way of transferring data from system to system. It is also vulnerable to some buffer overflows and exploits.
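
For Vulnerability #1 (UserDir) and Vulnerability #5 (TRACE), an administrator can check an Apache configuration file for the relevant directives. The script below is an added example, not part of the original article or of any vendor tooling. The sample configurations are constructed, and the function names and the reporting format are assumptions made for illustration.

```python
# Constructed sample configurations (not taken from an appliance).
SAMPLE_HTTPD_CONF = """\
# constructed example
ServerName nac.example.test
UserDir public_html
<VirtualHost *:80>
    traceenable On
</VirtualHost>
"""
HARDENED_HTTPD_CONF = """\
ServerName nac.example.test
UserDir disabled
TraceEnable off
"""

def directives(conf_text):
    """Yield (line_no, lowercased name, args) for each directive line.
    Apache directive names are case-insensitive. Comments and <Section>
    tags are skipped; backslash line continuations are not handled."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split()
        yield no, parts[0].lower(), [p.strip('"') for p in parts[1:]]

def audit_httpd_conf(conf_text):
    """Return (vulnerability number, line number, message) tuples."""
    findings, saw_trace = [], False
    for no, name, args in directives(conf_text):
        lowered = [a.lower() for a in args]
        if name == "userdir" and lowered != ["disabled"]:
            # Conservative: anything except a bare "UserDir disabled" is
            # reported, since /~user mapping can reveal which accounts exist.
            # A missing UserDir line is not judged (the default depends on
            # the Apache version and on whether mod_userdir is loaded).
            findings.append((1, no, "UserDir " + " ".join(args)))
        elif name == "traceenable":
            saw_trace = True
            if lowered[:1] != ["off"]:
                findings.append((5, no, "TraceEnable " + " ".join(args)))
    if not saw_trace:
        # TraceEnable defaults to "on" when the directive is absent.
        findings.append((5, 0, "no TraceEnable directive (default is on)"))
    return findings

if __name__ == "__main__":
    for vuln, line_no, msg in audit_httpd_conf(SAMPLE_HTTPD_CONF):
        print(f"Vulnerability #{vuln}: line {line_no}: {msg}")
```

A line number of 0 means the finding comes from a missing directive rather than from a specific line.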
