CVE-2022-38017

2022-10-1119:15:14

microsoft

web.nvd.nist.gov

cve-2022-38017

storsimple

elevation of privilege

vulnerability

nvd

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON

StorSimple 8000 Series Elevation of Privilege Vulnerability

Affected configurations

Nvd

Vulners

Node

microsoftstorsimple_8010_firmwareMatch-

AND

microsoftstorsimple_8010Match-

Node

microsoftstorsimple_8020_firmwareMatch-

AND

microsoftstorsimple_8020Match-

VendorProductVersionCPE
microsoftstorsimple_8010_firmware-cpe:2.3:o:microsoft:storsimple_8010_firmware:-:*:*:*:*:*:*:*
microsoftstorsimple_8010-cpe:2.3:h:microsoft:storsimple_8010:-:*:*:*:*:*:*:*
microsoftstorsimple_8020_firmware-cpe:2.3:o:microsoft:storsimple_8020_firmware:-:*:*:*:*:*:*:*
microsoftstorsimple_8020-cpe:2.3:h:microsoft:storsimple_8020:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	storsimple_8010_firmware	-	cpe:2.3:o:microsoft:storsimple_8010_firmware:-:::::::*
microsoft	storsimple_8010	-	cpe:2.3:h:microsoft:storsimple_8010:-:::::::*
microsoft	storsimple_8020_firmware	-	cpe:2.3:o:microsoft:storsimple_8020_firmware:-:::::::*
microsoft	storsimple_8020	-	cpe:2.3:h:microsoft:storsimple_8020:-:::::::*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Azure StorSimple 8000 Series",
    "cpes": [
      "cpe:2.3:o:microsoft:storsimple_8000_series:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "6.3.0.0",
        "lessThan": "6.3.9600.17886",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]