History: Apr 12, 2022 - 5:15 p.m.

CVE-2022-23702

2022-04-12 17:15:09
hpe
web.nvd.nist.gov
Tags: cve-2022-23702, hpe superdome flex, superdome flex 280, privilege escalation, firmware update

CVSS2: 4.6
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 6.7
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.6
Confidence: High
EPSS: 0
Percentile: 12.6%

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow a user with Administrator access to escalate their privileges. The vulnerability is resolved in the latest firmware update: HPE Superdome Flex Server version 3.50.58 or later, and HPE Superdome Flex 280 Server version 1.20.204 or later.

Affected configurations

Nvd

Node
hpe | superdome_flex_server_firmware | Range | <3.50.58
AND
hpe | superdome_flex_server | Match | -

Node
hpe | superdome_flex_280_server_firmware | Range | <1.20.204
AND
hpe | superdome_flex_280_server | Match | -

Vendor | Product | Version | CPE
hpe | superdome_flex_server_firmware | * | cpe:2.3:o:hpe:superdome_flex_server_firmware:*:*:*:*:*:*:*:*
hpe | superdome_flex_server | - | cpe:2.3:h:hpe:superdome_flex_server:-:*:*:*:*:*:*:*
hpe | superdome_flex_280_server_firmware | * | cpe:2.3:o:hpe:superdome_flex_280_server_firmware:*:*:*:*:*:*:*:*
hpe | superdome_flex_280_server | - | cpe:2.3:h:hpe:superdome_flex_280_server:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "HPE Superdome Flex Server; HPE Superdome Flex 280 Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 3.50.58"
      },
      {
        "status": "affected",
        "version": "Prior to 1.20.204"
      }
    ]
  }
]
