10

CVE-2019-11996

EPSS 0.44%
Published 07.11.2019 19:15:14
Last modified 21.11.2024 04:22:07
Source security-alert@hpe.com
Teams watchlist Login
Open Login

Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Hpe ≫ Nimbleos Version >= 3.1.0.0 <= 3.9.1.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Hpe ≫ Nimbleos Version >= 4.1.0.0 <= 4.5.4.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Hpe ≫ Nimbleos Version >= 5.0.1.0 <= 5.0.7.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Hpe ≫ Nimbleos Version >= 5.1.0.0 <= 5.1.2.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.44%	0.604

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11996

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11996

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11996

EUVD