CVE-2021-26588

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us	Vendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:hpe:3par_os:3.3.1_mp5_p156:::::::*
	cpe:2.3:o:hpe:3par_os:3.3.1_mu1:::::::*
	cpe:2.3:o:hpe:3par_os:3.3.1_mu2_p157:::::::*
	cpe:2.3:o:hpe:3par_os:3.3.2_ga_p_01:::::::*

OR	cpe:2.3:h:hpe:3par_storeserv_10400:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_10800:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_20000:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_7200c:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_7400c:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_7440c:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_8000:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_9000:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:hpe:primera_630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:primera_630:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hpe:primera_650_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:primera_650:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hpe:primera_670_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:primera_670:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hpe:alletra_9060_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:alletra_9060:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hpe:alletra_9080_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:alletra_9080:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:56

Type	Values Removed	Values Added
References	~~() https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us - Vendor Advisory~~	() https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us - Vendor Advisory

Information

Published : 2021-10-11 17:15

Updated : 2024-11-21 05:56

NVD link : CVE-2021-26588

Mitre link : CVE-2021-26588

CVE.ORG link : CVE-2021-26588

JSON object : View

Products Affected

hpe

alletra_9060_firmware
3par_storeserv_7440c
3par_storeserv_20000
alletra_9080_firmware
3par_storeserv_10800
3par_storeserv_9000
primera_670_firmware
alletra_9080
3par_storeserv_10400
3par_os
3par_storeserv_7200c
primera_670
3par_storeserv_8000
primera_650_firmware
primera_630_firmware
alletra_9060
primera_650
primera_630
3par_storeserv_7400c

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-26588", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-10-11T17:15:07.637", "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en el firmware de HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array. Un usuario no autenticado podr\u00eda explotar remotamente el problema de baja complejidad para ejecutar c\u00f3digo como administrador. Esta vulnerabilidad afecta completamente la confidencialidad, integridad y disponibilidad de la matriz. HPE ha realizado las siguientes actualizaciones de software e informaci\u00f3n de mitigaci\u00f3n para resolver la vulnerabilidad en el firmware de 3PAR, Primera y Alletra 9000"}], "lastModified": "2024-11-21T05:56:32.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:3par_os:3.3.1_mp5_p156:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBA14C6B-DC85-4967-871D-995A214DF650"}, {"criteria": "cpe:2.3:o:hpe:3par_os:3.3.1_mu1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DA9430C-3E6A-4B41-8698-6B558B0E8D42"}, {"criteria": "cpe:2.3:o:hpe:3par_os:3.3.1_mu2_p157:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C5481A2-0E44-4D74-BEDF-AC645ECA538D"}, {"criteria": "cpe:2.3:o:hpe:3par_os:3.3.2_ga_p_01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C5B3494-DD68-4E7E-9B9A-44E8C5B883D8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:3par_storeserv_10400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B6CC3E21-536F-438C-B9BC-A9C965D4B1A0"}, {"criteria": "cpe:2.3:h:hpe:3par_storeserv_10800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8681B6DC-A597-49CE-8763-197D88394C58"}, {"criteria": "cpe:2.3:h:hpe:3par_storeserv_20000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5F433CD-74B1-4890-A9D7-16FC9AB1628B"}, {"criteria": "cpe:2.3:h:hpe:3par_storeserv_7200c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BF319281-FEFD-4AC8-B05E-0EBD68F8DA01"}, {"criteria": "cpe:2.3:h:hpe:3par_storeserv_7400c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F9E5415-E4EA-42D4-8730-3399CEE3105E"}, {"criteria": "cpe:2.3:h:hpe:3par_storeserv_7440c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "53AAF6FE-E50F-4CC1-BB86-F09A4046C48B"}, {"criteria": "cpe:2.3:h:hpe:3par_storeserv_8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21765026-DACF-43E9-8B81-6AB502DE2027"}, {"criteria": "cpe:2.3:h:hpe:3par_storeserv_9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B18B186-70B1-4696-ACCF-66384C7277D1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:primera_630_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F09A1455-5CA7-4203-B03F-39A97000A485", "versionEndIncluding": "4.3.3", "versionStartIncluding": "4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:primera_630:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD9B90D0-A8EE-42F1-8A74-9450B53932C6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:primera_650_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAA5B481-1873-4F23-9ED8-EB4831953D2A", "versionEndIncluding": "4.3.3", "versionStartIncluding": "4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:primera_650:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD31A941-0615-4F72-85FE-910ECDEF5AC1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:primera_670_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1923BB7D-FAB9-4497-A939-8A3222AB77F3", "versionEndIncluding": "4.3.3", "versionStartIncluding": "4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:primera_670:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1608FC66-D97B-4726-8341-4D5F97FF92F7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:alletra_9060_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D7505F3-31EE-4E01-9EE4-B8878231E898", "versionEndIncluding": "9.4.0", "versionStartIncluding": "9.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:alletra_9060:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73817B8A-351E-4008-8F06-2C4B6EA5D738"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:alletra_9080_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FC96F77-9877-4999-8D0A-84966D41BB55", "versionEndIncluding": "9.4.0", "versionStartIncluding": "9.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hpe:alletra_9080:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "473D7C5D-81A8-4D75-BB9E-AE04A96742E6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-alert@hpe.com"}

9.8 /10