← Back

CVE-2019-11993

nvd nist
Published: Jan 3, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.

Affected (8)

Hp
8 products
Simplivity 380 Gen9 Firmware
Simplivity 380 Gen10 G Firmware
Simplivity 380 Gen10 Firmware
Simplivity 2600 Gen10 Firmware
Simplivity Omnicube Firmware
Simplivity Omnistack For Dell Firmware
Simplivity Omnistack For Cisco Firmware
Simplivity Omnistack For Lenovo Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simplivity 380 Gen9 Firmware
From 3.6.2 to 3.7.9
Running on/withPlatform Versions
Hp
Simplivity 380 Gen9
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simplivity 380 Gen10 G Firmware
From 3.7.8 to 3.7.9
Running on/withPlatform Versions
Hp
Simplivity 380 Gen10 G
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simplivity 380 Gen10 Firmware
From 3.7.1 to 3.7.9
Running on/withPlatform Versions
Hp
Simplivity 380 Gen10
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simplivity 2600 Gen10 Firmware
From 3.7.5 to 3.7.9
Running on/withPlatform Versions
Hp
Simplivity 2600 Gen10
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simplivity Omnicube Firmware
From 3.0.8 to 3.7.9
Running on/withPlatform Versions
Hp
Simplivity Omnicube
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simplivity Omnistack For Dell Firmware
From 3.0.8 to 3.7.9
Running on/withPlatform Versions
Hp
Simplivity Omnistack For Dell
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simplivity Omnistack For Cisco Firmware
From 3.0.8 to 3.7.9
Running on/withPlatform Versions
Hp
Simplivity Omnistack For Cisco
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simplivity Omnistack For Lenovo Firmware
From 3.0.8 to 3.7.9
Running on/withPlatform Versions
Hp
Simplivity Omnistack For Lenovo
All versions

References (2)

Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.