CVE-2019-11996

EUVD-2019-3652
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
hpenimbleos
3.1.0.0 ≤
𝑥
≤ 3.9.1.0
hpenimbleos
4.1.0.0 ≤
𝑥
≤ 4.5.4.0
hpenimbleos
5.0.1.0 ≤
𝑥
≤ 5.0.7.0
hpenimbleos
5.1.0.0 ≤
𝑥
≤ 5.1.2.0
𝑥
= Vulnerable software versions
References
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us