CVE-2016-2031: Input Validation
First published: Fri Jan 31 2020(Updated: )
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Airwave | <8.2.0.0 | |
| Arubanetworks Aruba Instant | <4.1.3.0 | |
| Arubanetworks Aruba Instant | =4.2.3.1 | |
| Arubanetworks Arubaos | ||
| Siemens Scalance W1750d Firmware | ||
| Siemens SCALANCE W1750D |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html
- http://seclists.org/fulldisclosure/2016/May/19
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf
- https://www.securityfocus.com/bid/90207
Frequently Asked Questions
What is the severity of CVE-2016-2031?
The severity of CVE-2016-2031 is critical.
Which software versions are affected by CVE-2016-2031?
Aruba Instate versions before 4.1.3.0 and 4.2.3.1 are affected by CVE-2016-2031.
What is the CWE ID of CVE-2016-2031?
The CWE ID of CVE-2016-2031 is 20.
How can a malicious user exploit CVE-2016-2031?
A malicious user can exploit CVE-2016-2031 by bypassing security restrictions, obtaining sensitive information, and performing unauthorized actions.
Are Siemens Scalance W1750d devices vulnerable to CVE-2016-2031?
No, Siemens Scalance W1750d devices are not vulnerable to CVE-2016-2031.
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/softwarecombine
- agent/type
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/arubanetworks
- canonical/arubanetworks airwave
- canonical/arubanetworks aruba instant
- version/arubanetworks aruba instant/4.2.3.1
- canonical/arubanetworks arubaos
- vendor/siemens
- canonical/siemens scalance w1750d firmware
- canonical/siemens scalance w1750d