Sign-up

ID

VAR-201502-0413


CVE

CVE-2015-1348


TITLE

Aruba Instant Heap-based buffer overflow vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2015-001426

DESCRIPTION

Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface. Aruba Networks Instant Access Point is prone to a remote heap-based buffer-overflow vulnerability. The solution supports virtual Aruba mobility controllers on 802.11n access points (APs), creating enterprise-class wireless local area networks (WLANs) and enterprise entry-level Wi-Fi networks

Trust: 1.98

sources: NVD: CVE-2015-1348 // JVNDB: JVNDB-2015-001426 // BID: 73074 // VULHUB: VHN-79309

AFFECTED PRODUCTS

vendor:arubanetworksmodel:instant access pointscope:eqversion:4.1.1

Trust: 1.9

vendor:arubanetworksmodel:instant access pointscope:eqversion:4.1.1.1

Trust: 1.9

vendor:arubanetworksmodel:instant access pointscope:eqversion:4.1.0.2

Trust: 1.9

vendor:arubanetworksmodel:instant access pointscope:eqversion:4.1.0.1

Trust: 1.9

vendor:arubanetworksmodel:instant access pointscope:eqversion:4.1.0.0

Trust: 1.9

vendor:arubanetworksmodel:instant access pointscope:lteversion:4.0.0.6

Trust: 1.0

vendor:arubanetworksmodel:instant access pointscope:eqversion:4.0.0.6

Trust: 0.9

vendor:arubamodel:instant apscope:ltversion:4.1.x

Trust: 0.8

vendor:arubamodel:instant apscope:eqversion:4.1.1.2

Trust: 0.8

vendor:arubamodel:instant apscope: - version: -

Trust: 0.8

vendor:arubanetworksmodel:instant access pointscope:neversion:4.1.1.2

Trust: 0.3

vendor:arubanetworksmodel:instant access pointscope:neversion:4.0.0.7

Trust: 0.3

sources: BID: 73074 // JVNDB: JVNDB-2015-001426 // CNNVD: CNNVD-201502-054 // NVD: CVE-2015-1348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1348
value: HIGH

Trust: 1.0

NVD: CVE-2015-1348
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201502-054
value: HIGH

Trust: 0.6

VULHUB: VHN-79309
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-1348
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-79309
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-79309 // JVNDB: JVNDB-2015-001426 // CNNVD: CNNVD-201502-054 // NVD: CVE-2015-1348

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-79309 // JVNDB: JVNDB-2015-001426 // NVD: CVE-2015-1348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-054

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201502-054

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001426

PATCH
title:Aruba Instant APurl:http://www.arubanetworks.co.jp/products/instant-access-points/
Trust: 0.8
title:ARUBA-PSA-2015-001url:http://www.arubanetworks.com/assets/alert/aruba-psa-2015-001.txt
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001426

EXTERNAL IDS
db:NVDid:CVE-2015-1348
Trust: 2.8
db:JVNDBid:JVNDB-2015-001426
Trust: 0.8
db:CNNVDid:CNNVD-201502-054
Trust: 0.7
db:BIDid:73074
Trust: 0.4
db:VULHUBid:VHN-79309
Trust: 0.1
sources:
            
            
            VULHUB: VHN-79309 // 
            
            
            
            BID: 73074 // 
            
            
            
            JVNDB: JVNDB-2015-001426 // 
            
            
            
            CNNVD: CNNVD-201502-054 // 
            
            
            
            NVD: CVE-2015-1348

REFERENCES
url:http://www.arubanetworks.com/support/alerts/aruba-psa-2015-001.txt
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1348
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1348
Trust: 0.8
url:http://www.arubanetworks.com/products/networking/access-points/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-79309 // 
            
            
            
            BID: 73074 // 
            
            
            
            JVNDB: JVNDB-2015-001426 // 
            
            
            
            CNNVD: CNNVD-201502-054 // 
            
            
            
            NVD: CVE-2015-1348

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 73074

SOURCES
db:VULHUBid:VHN-79309
db:BIDid:73074
db:JVNDBid:JVNDB-2015-001426
db:CNNVDid:CNNVD-201502-054
db:NVDid:CVE-2015-1348

LAST UPDATE DATE
2025-04-13T23:27:33.762000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-79309date:2015-02-04T00:00:00
db:BIDid:73074date:2015-03-02T00:00:00
db:JVNDBid:JVNDB-2015-001426date:2015-02-13T00:00:00
db:CNNVDid:CNNVD-201502-054date:2015-02-04T00:00:00
db:NVDid:CVE-2015-1348date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-79309date:2015-02-03T00:00:00
db:BIDid:73074date:2015-03-02T00:00:00
db:JVNDBid:JVNDB-2015-001426date:2015-02-13T00:00:00
db:CNNVDid:CNNVD-201502-054date:2015-02-04T00:00:00
db:NVDid:CVE-2015-1348date:2015-02-03T16:59:10.733