CVE-2017-9003 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer in Packard Enterprise Arubaos

CWE-119 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.5HIGHNVD
EPSS
2.4%
top 14.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Hewlett Packard Enterprise Arubaos
Timeline
PublishedAug 6
Latest updateMay 14

Description

Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

β–ΆCVEListV5hewlett_packard_enterprise/arubaosall versions prior to 6.3.1.25 -- 6.4 prior to 6.4.4.16 -- 6.5.x prior to 6.5.1.9 -- 6.5.2 -- 6.5.3 prior to 6.5.3.3 -- 6.5.4 prior to 6.5.4.2 -- 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally.

πŸ”΄Vulnerability Details

2
GHSA
GHSA-gmwg-2c9p-97x5: Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes↗2022-05-14
β–Ά
CVEList
CVE-2017-9003: Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes↗2018-08-06
β–Ά
CVE-2017-9003 β€” HIGH severity | cvebase