CVE-2020-7139
Published May 19, 2020
Last updated 3 years ago
Overview
- Description
- Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
- Source
- security-alert@hpe.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7ED4835A-3E32-4A49-A4AB-34C70B4B5104",
"versionEndIncluding": "3.9.3.0",
"versionStartIncluding": "3.1.0.0"
},
{
"criteria": "cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A2C0C83-5678-41EC-A684-DF92D20B1F44",
"versionEndIncluding": "4.5.6.0",
"versionStartIncluding": "4.1.0.0"
},
{
"criteria": "cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7190EA9-2B90-4499-99E3-7A1B3DC178EC",
"versionEndIncluding": "5.0.9.0",
"versionStartIncluding": "5.0.1.0"
},
{
"criteria": "cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FC12F4A-EB6E-40C9-ACD1-13543D059C15",
"versionEndIncluding": "5.1.4.100",
"versionStartIncluding": "5.1.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:nimble_storage_af20_all_flash_array:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "80CF1BE0-0224-4190-BBC6-7D4373234E85"
},
{
"criteria": "cpe:2.3:h:hpe:nimble_storage_af20q_all_flash_dual_controller:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D5E0887F-E894-4821-A171-96D758A8F8CE"
},
{
"criteria": "cpe:2.3:h:hpe:nimble_storage_af40_all_flash_dual_controller:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "14AC79A7-DDF9-4212-AAEC-458FA7E5E06A"
},
{
"criteria": "cpe:2.3:h:hpe:nimble_storage_af60_all_flash_dual_controller:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F7985641-BC1A-42B6-8B61-147848AB77AF"
},
{
"criteria": "cpe:2.3:h:hpe:nimble_storage_af80_all_flash_dual_controller:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "508699FE-1F81-43EE-848F-203420217356"
},
{
"criteria": "cpe:2.3:h:hpe:nimble_storage_cs3000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DFD2E78D-2C8F-46BA-804C-10110687F148"
},
{
"criteria": "cpe:2.3:h:hpe:nimble_storage_cs5000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DB8C5FF4-BF19-4E0C-BDED-AEBE75E95D7C"
},
{
"criteria": "cpe:2.3:h:hpe:nimble_storage_cs7000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "009451E7-756D-47DD-954F-5041389E7C36"
},
{
"criteria": "cpe:2.3:h:hpe:nimble_storage_secondary_flash_arrays:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DD1E0DC2-CBA3-4921-8458-705F6709E3D5"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]