CVE-2017-9001

moderate-risk
Published 2018-08-06

Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.

Do I need to act?

~
2.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Hp

References (2)

Mitigation https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt
Mitigation https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt
34
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 5/34 · Minimal
Exposure 5/34 · Minimal