{"api_version":"1","generated_at":"2026-04-23T04:09:53+00:00","cve":"CVE-2017-9003","urls":{"html":"https://cve.report/CVE-2017-9003","api":"https://cve.report/api/cve/CVE-2017-9003.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-9003","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-9003"},"summary":{"title":"CVE-2017-9003","description":"Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.","state":"PUBLIC","assigner":"security-alert@hpe.com","published_at":"2018-08-06 20:29:00","updated_at":"2018-10-18 13:32:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt","name":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039580","name":"1039580","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Aruba Mobility Controller Multiple Bugs Let Remote Users Access Files and Execute Arbitrary Code and Let Remote Authenticated Users Inject SQL Commands - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-9003","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9003","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"9003","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"hp","cpe5":"arubaos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"9003","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"hp","cpe5":"arubaos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-alert@hpe.com","ID":"CVE-2017-9003","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ArubaOS","version":{"version_data":[{"version_value":"all versions prior to 6.3.1.25 -- 6.4 prior to 6.4.4.16 -- 6.5.x prior to 6.5.1.9 -- 6.5.2 -- 6.5.3 prior to 6.5.3.3 -- 6.5.4 prior to 6.5.4.2 -- 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally."}]}}]},"vendor_name":"Hewlett Packard Enterprise"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"unauthenticated memory corruption leading to remote code execution"}]}]},"references":{"reference_data":[{"name":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt","refsource":"CONFIRM","url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt"},{"name":"1039580","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039580"}]}},"nvd":{"publishedDate":"2018-08-06 20:29:00","lastModifiedDate":"2018-10-18 13:32:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":7.8},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:hp:arubaos:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"9003","Ordinal":"105942","Title":"CVE-2017-9003","CVE":"CVE-2017-9003","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"9003","Ordinal":"1","NoteData":"Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"9003","Ordinal":"2","NoteData":"2018-08-06","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"9003","Ordinal":"3","NoteData":"2018-08-07","Type":"Other","Title":"Modified"}]}}}