Lucene search

[email protected]CVE-2021-26588

HistoryOct 11, 2021 - 5:15 p.m.

CVE-2021-26588

2021-10-1117:15:07

[email protected]

web.nvd.nist.gov

hpe

3par

primera

alletra 9000

firmware

vulnerability

exploit

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.

Affected configurations

NVD

Node

hpe3par_storeserv_10400Match-

hpe3par_storeserv_10800Match-

hpe3par_storeserv_20000Match-

hpe3par_storeserv_7200cMatch-

hpe3par_storeserv_7400cMatch-

hpe3par_storeserv_7440cMatch-

hpe3par_storeserv_8000Match-

hpe3par_storeserv_9000Match-

AND

hpe3par_osMatch3.3.1_mp5_p156

hpe3par_osMatch3.3.1_mu1

hpe3par_osMatch3.3.1_mu2_p157

hpe3par_osMatch3.3.2_ga_p_01

Node

hpeprimera_630Match-

AND

hpeprimera_630_firmwareRange4.0.0–4.3.3

Node

hpeprimera_650Match-

AND

hpeprimera_650_firmwareRange4.0.0–4.3.3

Node

hpeprimera_670Match-

AND

hpeprimera_670_firmwareRange4.0.0–4.3.3

Node

hpealletra_9060Match-

AND

hpealletra_9060_firmwareRange9.3.0–9.4.0

Node

hpealletra_9080Match-

AND

hpealletra_9080_firmwareRange9.3.0–9.4.0

CPENameOperatorVersion
hpe:3par_oshpe 3par oseq3.3.1_mp5_p156
hpe:3par_oshpe 3par oseq3.3.1_mu1
hpe:3par_oshpe 3par oseq3.3.1_mu2_p157
hpe:3par_oshpe 3par oseq3.3.2_ga_p_01

CPE	Name	Operator	Version
hpe:3par_os	hpe 3par os	eq	3.3.1_mp5_p156
hpe:3par_os	hpe 3par os	eq	3.3.1_mu1
hpe:3par_os	hpe 3par os	eq	3.3.1_mu2_p157
hpe:3par_os	hpe 3par os	eq	3.3.2_ga_p_01

CNA Affected

[
  {
    "product": "HP 3PAR StoreServ 10000 Storage; HP 3PAR StoreServ 7000 Storage; HPE 3PAR StoreServ 8000 Storage; HPE Primera 600 Storage; HPE 3PAR StoreServ 20000; HPE Alletra 9000; HPE 3PAR StoreServ 9000 Storage",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01"
      },
      {
        "status": "affected",
        "version": "4.0.0 to 4.2.8 or 4.0.0 to 4.3.3"
      },
      {
        "status": "affected",
        "version": "9.3.0 to 9.3.3 or 9.3.0 to 9.4.0"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

Related for CVE-2021-26588

prion1 cvelist1 nvd1