Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28620

A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers.

Published

2022-06-24T15:15:10.300

Last Modified

2024-11-21T06:57:35.767

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hpe	slingshot_firmware	< 1.7.2	Yes
Hardware	hpe	slingshot	-	No
Operating System	hpe	cray_ex_supercomputers_firmware	1.4.27	Yes
Operating System	hpe	cray_ex_supercomputers_firmware	1.5.33	Yes
Operating System	hpe	cray_ex_supercomputers_firmware	1.6.27	Yes
Hardware	hpe	cray_ex_supercomputers	-	No
Operating System	hpe	cray_sh_supercomputer_air_cooled_base_system_code_firmware	1.4.27	Yes
Operating System	hpe	cray_sh_supercomputer_air_cooled_base_system_code_firmware	1.5.33	Yes
Operating System	hpe	cray_sh_supercomputer_air_cooled_base_system_code_firmware	1.6.27	Yes
Hardware	hpe	cray_sh_supercomputer_air_cooled_base_system_code	-	No
Operating System	hpe	cray_sh_supercomputer_liquid_cooled_base_system_code_firmware	1.4.27	Yes
Operating System	hpe	cray_sh_supercomputer_liquid_cooled_base_system_code_firmware	1.5.33	Yes
Operating System	hpe	cray_sh_supercomputer_liquid_cooled_base_system_code_firmware	1.6.27	Yes
Hardware	hpe	cray_sh_supercomputer_liquid_cooled_base_system_code	-	No
Operating System	hpe	cray_sh_supercomputer_liquid_cooled_tds_base_system_code_firmware	1.4.27	Yes
Operating System	hpe	cray_sh_supercomputer_liquid_cooled_tds_base_system_code_firmware	1.5.33	Yes
Operating System	hpe	cray_sh_supercomputer_liquid_cooled_tds_base_system_code_firmware	1.6.27	Yes
Hardware	hpe	cray_sh_supercomputer_liquid_cooled_tds_base_system_code	-	No

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbcr04284en_us Vendor Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbcr04284en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)