Login Sign Up

CVE-2017-8977

9.1 CRITICAL
Denial of Service

📋 TL;DR

A remote denial of service vulnerability in HPE Moonshot Provisioning Manager Appliance allows attackers to crash the service remotely, making it unavailable. This affects organizations using HPE Moonshot Provisioning Manager Appliance version 1.20. The vulnerability stems from improper input validation (CWE-20).

💻 Affected Systems

Products:
  • Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
Versions: v1.20
Operating Systems: Appliance-specific OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific appliance version; other Moonshot components may not be directly affected.

📦 What is this software?

Moonshot Provisioning Manager Appliance by Hp

View all CVEs affecting Moonshot Provisioning Manager Appliance →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage of the provisioning manager, disrupting management of Moonshot server cartridges and potentially affecting dependent systems.

🟠

Likely Case

Service disruption requiring manual restart of the provisioning manager appliance, causing temporary management unavailability.

🟢

If Mitigated

Minimal impact if appliance is behind proper network segmentation and access controls.

🌐 Internet-Facing: HIGH - If exposed to internet, vulnerable to simple DoS attacks from any source.
🏢 Internal Only: MEDIUM - Still vulnerable to internal threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Remote exploitation without authentication makes this particularly dangerous despite being 'just' DoS.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.21 or later

Vendor Advisory: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us

Restart Required: Yes

Instructions:

1. Download updated firmware from HPE support portal. 2. Backup current configuration. 3. Apply firmware update via appliance management interface. 4. Reboot appliance as directed.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to the provisioning manager appliance to only trusted management networks.

Firewall Rules

all

Implement strict firewall rules to limit which IP addresses can communicate with the appliance.

🧯 If You Can't Patch

  • Isolate the appliance on a dedicated management VLAN with strict access controls.
  • Implement network monitoring and alerting for unusual traffic patterns to the appliance.

🔍 How to Verify

Check if Vulnerable:

Check appliance version via web interface or SSH: Look for version 1.20 in system information.

Check Version:

ssh admin@appliance-ip 'show version' or check web admin interface

Verify Fix Applied:

Verify version is 1.21 or higher after applying update.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes/restarts
  • High volume of malformed requests
  • Connection spikes from single sources

Network Indicators:

  • Unusual traffic patterns to provisioning manager ports
  • Repeated connection attempts to service ports

SIEM Query:

source="moonshot-provisioning" AND (event="service_crash" OR event="connection_flood")

📊 Metadata

CVE ID: CVE-2017-8977
CVSS v3 Score: 9.1 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE: CWE-20
Published: February 15, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-8977, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2019-11708 10.0

This vulnerability allows a compromised child process in Firefox/Thunderbird to trick the parent pro...

Same vulnerability type (CWE-20)
CVE-2020-12388 10.0

This vulnerability allows attackers to escape Firefox's content process sandbox on Windows systems, ...

Same vulnerability type (CWE-20)