Lucene search

[email protected]CVE-2017-9000

HistoryAug 06, 2018 - 8:29 p.m.

CVE-2017-9000

2018-08-0620:29:01

CWE-200

[email protected]

web.nvd.nist.gov

arubaos

unauthenticated access

arbitrary file access

vulnerability

security

nvd

cve-2017-9000

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON

ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.

Affected configurations

NVD

Node

hparubaosRange<6.3.1.25

hparubaosRange6.4–6.4.4.16

hparubaosRange6.5.0–6.5.1.9

hparubaosRange6.5.3–6.5.3.3

hparubaosRange6.5.4–6.5.4.2

hparubaosRange8.0–8.1.0.4

hparubaosMatch6.5.2

CPENameOperatorVersion
hp:arubaoshp arubaoslt6.3.1.25
hp:arubaoshp arubaoslt6.4.4.16
hp:arubaoshp arubaoslt6.5.1.9
hp:arubaoshp arubaoslt6.5.3.3
hp:arubaoshp arubaoslt6.5.4.2
hp:arubaoshp arubaoslt8.1.0.4
hp:arubaoshp arubaoseq6.5.2

CPE	Name	Operator	Version
hp:arubaos	hp arubaos	lt	6.3.1.25
hp:arubaos	hp arubaos	lt	6.4.4.16
hp:arubaos	hp arubaos	lt	6.5.1.9
hp:arubaos	hp arubaos	lt	6.5.3.3
hp:arubaos	hp arubaos	lt	6.5.4.2
hp:arubaos	hp arubaos	lt	8.1.0.4
hp:arubaos	hp arubaos	eq	6.5.2

CNA Affected

[
  {
    "product": "ArubaOS",
    "vendor": "Hewlett Packard Enterprise",
    "versions": [
      {
        "status": "affected",
        "version": "all versions prior to 6.3.1.25 -- 6.4 prior to 6.4.4.16 -- 6.5.x prior to 6.5.1.9 -- 6.5.2 -- 6.5.3 prior to 6.5.3.3 -- 6.5.4 prior to 6.5.4.2 -- 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally."
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt

www.securitytracker.com/id/1039580

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON

Related for CVE-2017-9000

cvelist1 nvd1 prion1 nessus1