CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2017-9000
https://notcve.org/view.php?id=CVE-2017-9000
06 Aug 2018 — ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal funct... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-9003
https://notcve.org/view.php?id=CVE-2017-9003
06 Aug 2018 — Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed. Están presentes múltiples errores de corrupción de memoria en ArubaOS, que podrían permitir que un usuario no autenticado provoque el cierre inesperado de los procesos de ArubaOS. Con el suficiente tiempo y esfue... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-006.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •