ID

VAR-201808-0940


CVE

CVE-2018-7095


TITLE

3PAR Service Processor Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008961

DESCRIPTION

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. 3PAR Service Processor (SP) Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2018-7095 // JVNDB: JVNDB-2018-008961

AFFECTED PRODUCTS

vendor:hpmodel:3par service providerscope:eqversion:sp-4.2.0

Trust: 1.6

vendor:hpmodel:3par service providerscope:eqversion:sp-4.3.0

Trust: 1.6

vendor:hpmodel:3par service providerscope:eqversion:sp-4.4.0

Trust: 1.6

vendor:hewlett packardmodel:hpe 3par service processorscope:ltversion:sp-4.4.0.ga-110(mu7)

Trust: 0.8

sources: JVNDB: JVNDB-2018-008961 // CNNVD: CNNVD-201808-441 // NVD: CVE-2018-7095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7095
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7095
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201808-441
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-7095
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-7095
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-008961 // CNNVD: CNNVD-201808-441 // NVD: CVE-2018-7095

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2018-008961 // NVD: CVE-2018-7095

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-441

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-441

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:hp:3par_service_processor_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2018-008961

PATCH

title:hpesbst03861en_usurl:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us

Trust: 0.8

title:hpesbst03884en_usurl:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us

Trust: 0.8

title:HPE 3PAR Service Processor Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83897

Trust: 0.6

sources: JVNDB: JVNDB-2018-008961 // CNNVD: CNNVD-201808-441

EXTERNAL IDS

db:NVDid:CVE-2018-7095

Trust: 2.4

db:JVNDBid:JVNDB-2018-008961

Trust: 0.8

db:CNNVDid:CNNVD-201808-441

Trust: 0.6

sources: JVNDB: JVNDB-2018-008961 // CNNVD: CNNVD-201808-441 // NVD: CVE-2018-7095

REFERENCES

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03861en_us

Trust: 1.6

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03884en_us

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7095

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7095

Trust: 0.8

sources: JVNDB: JVNDB-2018-008961 // CNNVD: CNNVD-201808-441 // NVD: CVE-2018-7095

SOURCES

db:JVNDBid:JVNDB-2018-008961
db:CNNVDid:CNNVD-201808-441
db:NVDid:CVE-2018-7095

LAST UPDATE DATE

2024-11-23T22:21:56.727000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2018-008961date:2018-11-02T00:00:00
db:CNNVDid:CNNVD-201808-441date:2019-10-23T00:00:00
db:NVDid:CVE-2018-7095date:2024-11-21T04:11:38.150

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2018-008961date:2018-11-02T00:00:00
db:CNNVDid:CNNVD-201808-441date:2018-08-14T00:00:00
db:NVDid:CVE-2018-7095date:2018-08-14T14:29:00.790