Security Flaw in HPE Nimble Storage Systems by Hewlett Packard Enterprise
CVE-2022-23703

7.5HIGH

Key Information:

Vendor: HP
Status: HP Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays
Vendor: CVE Published:; 12 April 2022

What is CVE-2022-23703?

A security flaw has been identified in HPE Nimble Storage systems, affecting Hybrid Flash, All Flash, and Secondary Flash Arrays during software update processes. This vulnerability could enable an attacker to intercept and manipulate network communications linked to software updates initiated by the Nimble appliance. Affected versions include several prior to the fix found in NimbleOS version 5.0.10.100, along with versions 5.2.1.500 and 6.0.0.100. It is crucial for users to update to these secure versions to protect against potential threats.

Affected Version(s)

HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays 5.3.1.0 and earlier, 5.2.1.400 and earlier and 5.0.10.0 and earlier

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Jan 19, 2022

JSON