Remote Command Execution Vulnerability in HPE StoreVirtual Products
CVE-2016-8529

7.6HIGH

Key Information:

Vendor
HP
Status
Storevirtual 4000 Storage And Storevirtual Vsa Software Running Lefthand Os
Vendor
CVE Published:
15 February 2018

Summary

A vulnerability has been identified in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software that allows remote attackers to execute arbitrary commands on the systems running LeftHand OS version v12.5 and earlier. This security flaw could be exploited by malicious users to manipulate the affected systems. The issue has been addressed in LeftHand OS version v12.6 and later, therefore it is essential for users to upgrade their systems to mitigate any potential threats.

Affected Version(s)

StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS LeftHand OS v12.5 and earlier

References

http://www.securitytracker.com/id/1037762
vdb-entryx_refsource_SECTRACK
https://support.hpe.com/hpsc/doc/public/display?docId=emr...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95970
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.