Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-7138

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100

Published

2020-05-19T23:15:09.867

Last Modified

2024-11-21T05:36:41.923

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hpe	nimbleos	≤ 3.9.3.0	Yes
Operating System	hpe	nimbleos	≤ 4.5.6.0	Yes
Operating System	hpe	nimbleos	≤ 5.0.9.0	Yes
Operating System	hpe	nimbleos	≤ 5.1.4.100	Yes
Hardware	hpe	nimble_storage_af20_all_flash_array	-	No
Hardware	hpe	nimble_storage_af20q_all_flash_dual_controller	-	No
Hardware	hpe	nimble_storage_af40_all_flash_dual_controller	-	No
Hardware	hpe	nimble_storage_af60_all_flash_dual_controller	-	No
Hardware	hpe	nimble_storage_af80_all_flash_dual_controller	-	No
Hardware	hpe	nimble_storage_cs3000	-	No
Hardware	hpe	nimble_storage_cs5000	-	No
Hardware	hpe	nimble_storage_cs7000	-	No
Hardware	hpe	nimble_storage_secondary_flash_arrays	-	No

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us Vendor Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)