Lucene search

K
cve[email protected]CVE-2019-12001
HistoryApr 17, 2020 - 2:15 p.m.

CVE-2019-12001

2020-04-1714:15:14
CWE-613
web.nvd.nist.gov
31
cve-2019-12001
remote session
hpe
msa storage
vulnerability
access restriction bypass
nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.

Affected configurations

NVD
Node
hpemsa_1040Match-
AND
hpemsa_1040_firmwareRangegl225p001
Node
hpemsa_2040Match-
AND
hpemsa_2040_firmwareRangegl225p001
Node
hpemsa_2042Match-
AND
hpemsa_2042_firmwareRangegl225p001
Node
hpemsa_1050Match-
AND
hpemsa_1050_firmwareRangeve270r001-01
Node
hpemsa_2050Match-
AND
hpemsa_2050_firmwareRangevl270r001-01
Node
hpemsa_2052Match-
AND
hpemsa_2052_firmwareRangevl270r001-01

CNA Affected

[
  {
    "product": "HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "HPE MSA 1040 SAN Storage GL225P001 and earlier"
      },
      {
        "status": "affected",
        "version": "HPE MSA 2040 SAN Storage GL225P001 and earlier"
      },
      {
        "status": "affected",
        "version": "HPE MSA 2042 SAN Storage GL225P001 and earlier"
      },
      {
        "status": "affected",
        "version": "HPE MSA 1050 SAN Storage VE270R001-01 and earlier"
      },
      {
        "status": "affected",
        "version": "HPE MSA 2050 SAN Storage VL270R001-01 and earlier"
      },
      {
        "status": "affected",
        "version": "HPE MSA 2052 SAN Storage VL270R001-01 and earlier"
      }
    ]
  }
]

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

Related for CVE-2019-12001