How severe is CVE-2017-9000?

CVE-2017-9000 has a severity rating of 9.8 (Critical).

What is the vulnerability in CVE-2017-9000?

CVE-2017-9000 is a vulnerability that allows unauthenticated arbitrary file access in ArubaOS.

Which versions of ArubaOS are affected by CVE-2017-9000?

Versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, and 8.x prior to 8.1.0.4 of ArubaOS are affected by CVE-2017-9000.

How can I fix CVE-2017-9000?

To fix CVE-2017-9000, it is recommended to upgrade to a version of ArubaOS that is not affected by the vulnerability.

Vulnerability/
CVE-2017-9000

critical

9.8

CWE

200

6/8/2018

18/10/2018

CVE-2017-9000: Infoleak

Q: What is CVE-2017-9000?

CVE-2017-9000 is a vulnerability in ArubaOS, affecting versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, and 8.x prior to 8.1.0.4.

First published: Mon Aug 06 2018(Updated: )

ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.

Credit: security-alert@hpe.com

Affected Software	Affected Version	How to fix
Hp Arubaos	<6.3.1.25
Hp Arubaos	>=6.4<6.4.4.16
Hp Arubaos	>=6.5.0<6.5.1.9
Hp Arubaos	>=6.5.3<6.5.3.3
Hp Arubaos	>=6.5.4<6.5.4.2
Hp Arubaos	>=8.0<8.1.0.4
Hp Arubaos	=6.5.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-9000?
CVE-2017-9000 is a vulnerability in ArubaOS, affecting versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, and 8.x prior to 8.1.0.4.
How severe is CVE-2017-9000?
CVE-2017-9000 has a severity rating of 9.8 (Critical).
What is the vulnerability in CVE-2017-9000?
CVE-2017-9000 is a vulnerability that allows unauthenticated arbitrary file access in ArubaOS.
Which versions of ArubaOS are affected by CVE-2017-9000?
Versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, and 8.x prior to 8.1.0.4 of ArubaOS are affected by CVE-2017-9000.
How can I fix CVE-2017-9000?
To fix CVE-2017-9000, it is recommended to upgrade to a version of ArubaOS that is not affected by the vulnerability.

collector/nvd-index
agent/severity
agent/author
agent/weakness
agent/references
agent/type
agent/event
agent/description
agent/softwarecombine
agent/last-modified-date
agent/tags
vendor/hp
canonical/hp arubaos
version/hp arubaos/6.4
version/hp arubaos/6.5.0
version/hp arubaos/6.5.3
version/hp arubaos/6.5.4
version/hp arubaos/8.0
version/hp arubaos/6.5.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.