Authentication Bypass in HPE MSA 1040 and MSA 2040 SAN Storage
CVE-2017-8960

9.8CRITICAL

Key Information:

Vendor: HP
Status: Msa 1040 And 2040 San Storage
Vendor: CVE Published:; 15 February 2018

Summary

An Authentication Bypass vulnerability exists in HPE MSA 1040 and MSA 2040 SAN Storage systems, affecting versions GL220P008 and earlier. This flaw enables unauthorized users to access certain paths and functionalities without proper authentication, potentially leading to unauthorized information disclosure or manipulation of storage configurations. It's crucial for organizations to apply the necessary patches and updates to mitigate this risk and safeguard their storage environments.

Affected Version(s)

MSA 1040 and 2040 SAN Storage GL220P008 and earlier

References

https://support.hpe.com/hpsc/doc/public/display?docId=emr...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2018
Vulnerability Reserved
May 15, 2017