CVE-2017-5810

9.8CRITICAL

Key Information:

Vendor
HP
Status
Network Automation
Vendor
CVE Published:
15 February 2018

Summary

A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

Affected Version(s)

Network Automation 9.1x, 9.2x, 10.0x, 10.1x and 10.2x

References

https://support.hpe.com/hpsc/doc/public/display?docId=emr...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98331
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038407
vdb-entryx_refsource_SECTRACK

EPSS Score

73% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.