8.8

CVE-2020-7138

EPSS 1.92%
Published 19.05.2020 23:15:09
Last modified 21.11.2024 05:36:41
Source security-alert@hpe.com
Teams watchlist Login
Open Login

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Hpe ≫ Nimbleos Version >= 3.1.0.0 <= 3.9.3.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Hpe ≫ Nimbleos Version >= 4.1.0.0 <= 4.5.6.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Hpe ≫ Nimbleos Version >= 5.0.1.0 <= 5.0.9.0

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Hpe ≫ Nimbleos Version >= 5.1.0.0 <= 5.1.4.100

   Hpe ≫ Nimble Storage Af20 All Flash Array Version-
   Hpe ≫ Nimble Storage Af20q All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af40 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af60 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Af80 All Flash Dual Controller Version-
   Hpe ≫ Nimble Storage Cs3000 Version-
   Hpe ≫ Nimble Storage Cs5000 Version-
   Hpe ≫ Nimble Storage Cs7000 Version-
   Hpe ≫ Nimble Storage Secondary Flash Arrays Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.92%	0.826

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7138

EUVD