CVE-2017-9003
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.9 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.6%
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| hp:arubaos | hp arubaos | eq | - |
CNA Affected
[
{
"product": "ArubaOS",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "all versions prior to 6.3.1.25 -- 6.4 prior to 6.4.4.16 -- 6.5.x prior to 6.5.1.9 -- 6.5.2 -- 6.5.3 prior to 6.5.3.3 -- 6.5.4 prior to 6.5.4.2 -- 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally."
}
]
}
]Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.9 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.6%