Command Injection Vulnerability in HPE Nimble Storage Solutions
CVE-2022-28618

9.8 CRITICAL

What is CVE-2022-28618?

A command injection vulnerability has been discovered in HPE Nimble Storage Hybrid Flash Arrays, All Flash Arrays, and Secondary Flash Arrays. It allows attackers to execute arbitrary commands on affected Nimble appliances, potentially compromising system integrity and data security. HPE has released software updates that address the issue: versions 5.0.10.100 or later, 5.2.1.0 or later, and 6.0.0.100 or later. Users should apply these updates promptly.

Affected Version(s)

HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays 5.0.10.0 and earlier

HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays 5.2.1.400 and earlier

HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays 5.3.1.0 and earlier

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
