SNMPv3 Credential Exposure in HPE OneView Appliances
CVE-2023-28090

5.5MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Oneview
Vendor: CVE Published:; 25 April 2023

What is CVE-2023-28090?

A vulnerability in the HPE OneView appliance allows for the dump of data that may unintentionally expose SNMPv3 read credentials. This exposure can lead to unauthorized access and should be addressed to secure the network environment. It is crucial for organizations using HPE OneView to assess their configurations and apply any necessary updates or mitigations.

Affected Version(s)

HPE OneView 0 < 8.2

HPE OneView 0 < 6.60.04 LTS

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2023
Vulnerability Reserved
Mar 10, 2023

HP (HP)

What is CVE-2023-28090?

Affected Version(s)

References

CVSS V3.1

Timeline