Remote Session Reuse Vulnerability in HPE MSA SAN Storage Products
CVE-2019-12002

9.8CRITICAL

Key Information:

Vendor: HP
Status: HPe Msa 2040 San Storage; HPe Msa 1040 San Storage; HPe Msa 1050 San Storage; HPe Msa 2042 San Storage; HPe Msa 2050 San Storage; HPe Msa 2052 San Storage
Vendor: CVE Published:; 17 April 2020

Summary

A vulnerability exists in HPE MSA SAN Storage products that allows attackers to bypass access restrictions through remote session reuse. This flaw affects multiple versions, creating opportunities for unauthorized access to sensitive data and system controls. Users and administrators should review their security configurations and apply recommended patches to mitigate this risk effectively.

Affected Version(s)

HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage HPE MSA 1040 SAN Storage GL225P001 and earlier

HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage HPE MSA 2040 SAN Storage GL225P001 and earlier

HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage HPE MSA 2042 SAN Storage GL225P001 and earlier

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2020
Vulnerability Reserved
May 13, 2019