CVE-2017-9000: Sensitive Information Exposure in HP ArubaOS

Severity: 9.8 CRITICAL (NVD)
EPSS: 1.3% (top 20.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 6; latest update May 14

Description

ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 (FIPS and non-FIPS versions of software are both affected equally), is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: hp/arubaos, 6.4, 6.4.4.16, +6
CVEListV5: hewlett_packard_enterprise/arubaos, all versions prior to 6.3.1.25 -- 6.4 prior to 6.4.4.16 -- 6.5.x prior to 6.5.1.9 -- 6.5.2 -- 6.5.3 prior to 6.5.3.3 -- 6.5.4 prior to 6.5.4.2 -- 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally.

🔴 Vulnerability Details (3)

GHSA: GHSA-rx65-35rg-w842: ArubaOS, all versions prior to 6 (2022-05-14)
CVEList: CVE-2017-9000: ArubaOS, all versions prior to 6 (2018-08-06)
Kernel: Merge tag 'wireless-drivers-for-davem-2017-09-25' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers (2017-09-26)

📋 Vendor Advisories (2)

Cisco: Cisco Nexus 9000 Series Switches Remote Login Denial of Service Vulnerability (2017-03-15)
Cisco: Cisco Nexus 9000 Series Switches Telnet Login Denial of Service Vulnerability (2017-03-15)