8.8

CVE-2020-7138

EPSS 1.92%
Veröffentlicht 19.05.2020 23:15:09
Zuletzt bearbeitet 21.11.2024 05:36:41
Quelle security-alert@hpe.com
Teams Watchlist Login
Unerledigt Login

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hpe ≫ Nimbleos Version >= 3.1.0.0 <= 3.9.3.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Hpe ≫ Nimbleos Version >= 4.1.0.0 <= 4.5.6.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Hpe ≫ Nimbleos Version >= 5.0.1.0 <= 5.0.9.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Hpe ≫ Nimbleos Version >= 5.1.0.0 <= 5.1.4.100

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.92%	0.826

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7138

EUVD