cve-2017-9003
Vulnerability from cvelistv5
Published
2018-08-06 20:00
Modified
2024-08-05 16:55
Severity ?
Summary
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.
References
security-alert@hpe.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txtVendor Advisory
security-alert@hpe.comhttp://www.securitytracker.com/id/1039580Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039580Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
Hewlett Packard Enterprise ArubaOS Version: all versions prior to 6.3.1.25 -- 6.4 prior to 6.4.4.16 -- 6.5.x prior to 6.5.1.9 -- 6.5.2 -- 6.5.3 prior to 6.5.3.3 -- 6.5.4 prior to 6.5.4.2 -- 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally.
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:55:22.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt"
          },
          {
            "name": "1039580",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039580"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ArubaOS",
          "vendor": "Hewlett Packard Enterprise",
          "versions": [
            {
              "status": "affected",
              "version": "all versions prior to 6.3.1.25 -- 6.4 prior to 6.4.4.16 -- 6.5.x prior to 6.5.1.9 -- 6.5.2 -- 6.5.3 prior to 6.5.3.3 -- 6.5.4 prior to 6.5.4.2 -- 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally."
            }
          ]
        }
      ],
      "datePublic": "2017-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unauthenticated memory corruption leading to remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-07T09:57:01",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt"
        },
        {
          "name": "1039580",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039580"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2017-9003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ArubaOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions prior to 6.3.1.25 -- 6.4 prior to 6.4.4.16 -- 6.5.x prior to 6.5.1.9 -- 6.5.2 -- 6.5.3 prior to 6.5.3.3 -- 6.5.4 prior to 6.5.4.2 -- 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hewlett Packard Enterprise"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unauthenticated memory corruption leading to remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt"
            },
            {
              "name": "1039580",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039580"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2017-9003",
    "datePublished": "2018-08-06T20:00:00",
    "dateReserved": "2017-05-15T00:00:00",
    "dateUpdated": "2024-08-05T16:55:22.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9003\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2018-08-06T20:29:01.383\",\"lastModified\":\"2025-01-07T11:22:47.030\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.\"},{\"lang\":\"es\",\"value\":\"Est\u00e1n presentes m\u00faltiples errores de corrupci\u00f3n de memoria en ArubaOS, que podr\u00edan permitir que un usuario no autenticado provoque el cierre inesperado de los procesos de ArubaOS. Con el suficiente tiempo y esfuerzo, es posible que estas vulnerabilidades conduzcan a la capacidad de ejecutar c\u00f3digo arbitrario; la ejecuci\u00f3n remota de c\u00f3digo no se ha confirmado todav\u00eda.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hpe:arubaos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8BA5DC7-B863-44B9-AB3A-2BBEFB02563F\"}]}]}],\"references\":[{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1039580\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1039580\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.