CVE-2020-7131

2020-04-24 18:15:13
CWE-787
web.nvd.nist.gov
Tags: cve-2020-7131, security vulnerability, blade maintenance entity, integrated maintenance entity, maintenance entity, udp port 17185, information disclosure, dos attack, local memory corruption, system control, nvd

CVSS2: 9 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3: 9 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

AI Score: 9 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 26.7%)

This document describes a security vulnerability in the Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN, which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system; complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which the Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected.

Workaround: Block UDP port 17185 (in the Maintenance LAN network switch/firewall).

Fix: Install the following SPRs, which are already available:
* T1805A01^AAI (Integrated Maintenance Entity)
* T4805A01^AAZ (Blade Maintenance Entity)

These SPRs are also usable with the following RVUs:
* J06.19.00 - J06.23.01

No fix planned for the following RVUs: J06.04.00 - J06.18.01.
No fix planned for H-Series NonStop systems.
No fix planned for the product T2805 (Maintenance Entity).

Affected configurations

NVD
Node (entries joined by OR):
  hp blade_maintenance_entity, Range: t4805a01 to t4805a01^aay
  hp integrated_maintenance_entity, Range: t2805a01 to t2805a01^aau
  hp maintenance_entity, Range: t1805a01 to t1805a01^aah

CNA Affected

[
  {
    "product": "Integrated Maintenance Entity T1805; Maintenance Entity T2805; Blade Maintenance Entity FW T4805",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "T1805A01 through T1805A01^AAH"
      },
      {
        "status": "affected",
        "version": "- T2805A01 through T2805A01^AAU"
      },
      {
        "status": "affected",
        "version": "- T4805A01 through T4805A01^AAY"
      }
    ]
  }
]
