Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-11996

Опубликовано: 07 нояб. 2019
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
Версия от 3.1.0.0 (включая) до 3.9.1.0 (включая)
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
Версия от 4.1.0.0 (включая) до 4.5.4.0 (включая)
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
Версия от 5.0.1.0 (включая) до 5.0.7.0 (включая)
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
Версия от 5.1.0.0 (включая) до 5.1.2.0 (включая)

Одно из

cpe:2.3:h:hpe:nimble_storage_af20_all_flash_array:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_af20q_all_flash_dual_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_af40_all_flash_dual_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_af60_all_flash_dual_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_af80_all_flash_dual_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_cs3000:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_cs5000:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_cs7000:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:nimble_storage_secondary_flash_arrays:-:*:*:*:*:*:*:*

EPSS

Процентиль: 63%
0.00442
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-x9fr-phq4-8582

github
больше 3 лет назад

Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be remotely exploited by an attacker to gain elevated privileges or disclose information the array. Affected products and versions include: Nimble Storage Hybrid Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage All Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage Secondary Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older

EPSS

Процентиль: 63%
0.00442
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo