ID

VAR-202001-0645


CVE

CVE-2019-11993


TITLE

Multiple HPE SimpliVity product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-014157

DESCRIPTION

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now-deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities for all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround (https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame) for you to implement. All customers should upgrade to the recommended 3.7.10 or later version at the earliest convenience. Multiple HPE SimpliVity products contain an unspecified vulnerability. Information may be altered. There are security holes in many HPE products.

Trust: 2.25

sources: NVD: CVE-2019-11993 // JVNDB: JVNDB-2019-014157 // CNVD: CNVD-2020-04654 // VULMON: CVE-2019-11993

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-04654

AFFECTED PRODUCTS

vendor: hp // model: simplivity 380 gen10 g // scope: lte // version: 3.7.9

Trust: 1.0

vendor: hp // model: simplivity omnistack for dell // scope: lte // version: 3.7.9

Trust: 1.0

vendor: hp // model: simplivity omnistack for cisco // scope: gte // version: 3.0.8

Trust: 1.0

vendor: hp // model: simplivity 380 gen10 g // scope: gte // version: 3.7.8

Trust: 1.0

vendor: hp // model: simplivity 2600 gen10 // scope: lte // version: 3.7.9

Trust: 1.0

vendor: hp // model: simplivity 380 gen9 // scope: lte // version: 3.7.9

Trust: 1.0

vendor: hp // model: simplivity omnicube // scope: gte // version: 3.0.8

Trust: 1.0

vendor: hp // model: simplivity omnistack for lenovo // scope: lte // version: 3.7.9

Trust: 1.0

vendor: hp // model: simplivity omnicube // scope: lte // version: 3.7.9

Trust: 1.0

vendor: hp // model: simplivity omnistack for cisco // scope: lte // version: 3.7.9

Trust: 1.0

vendor: hp // model: simplivity omnistack for dell // scope: gte // version: 3.0.8

Trust: 1.0

vendor: hp // model: simplivity omnistack for lenovo // scope: gte // version: 3.0.8

Trust: 1.0

vendor: hp // model: simplivity 2600 gen10 // scope: gte // version: 3.7.5

Trust: 1.0

vendor: hp // model: simplivity 380 gen10 // scope: lte // version: 3.7.9

Trust: 1.0

vendor: hp // model: simplivity 380 gen9 // scope: gte // version: 3.6.2

Trust: 1.0

vendor: hp // model: simplivity 380 gen10 // scope: gte // version: 3.7.1

Trust: 1.0

vendor: hewlett packard // model: simplivity 2600 gen 10 // scope: - // version: -

Trust: 0.8

vendor: hewlett packard // model: simplivity 380 gen 10 g // scope: - // version: -

Trust: 0.8

vendor: hewlett packard // model: simplivity 380 gen 10 // scope: - // version: -

Trust: 0.8

vendor: hewlett packard // model: simplivity 380 gen 9 // scope: - // version: -

Trust: 0.8

vendor: hewlett packard // model: simplivity omnicube // scope: - // version: -

Trust: 0.8

vendor: hewlett packard // model: simplivity omnistack for cisco // scope: - // version: -

Trust: 0.8

vendor: hewlett packard // model: simplivity omnistack for dell // scope: - // version: -

Trust: 0.8

vendor: hewlett packard // model: simplivity omnistack for lenovo // scope: - // version: -

Trust: 0.8

vendor: hp // model: simplivity gen9 // scope: eq // version: 380>=3.6.2,<=3.7.9

Trust: 0.6

vendor: hp // model: simplivity gen10 g // scope: eq // version: 380>=3.7.8,<=3.7.9

Trust: 0.6

vendor: hp // model: simplivity gen10 // scope: eq // version: 2600>=3.7.5,<=3.7.9

Trust: 0.6

vendor: hp // model: simplivity omnicube // scope: gte // version: 3.0.8,<=3.7.9

Trust: 0.6

vendor: hp // model: simplivity omnistack for cisco // scope: gte // version: 3.0.8,<=3.7.9

Trust: 0.6

vendor: hp // model: simplivity omnistack for lenovo // scope: gte // version: 3.0.8,<=3.7.9

Trust: 0.6

vendor: hp // model: simplivity omnistack for dell // scope: gte // version: 3.0.8,<=3.7.9

Trust: 0.6

vendor: hp // model: simplivity 2600 gen10 // scope: eq // version: -

Trust: 0.6

vendor: hp // model: simplivity 380 gen10 g // scope: eq // version: -

Trust: 0.6

vendor: hp // model: simplivity omnistack for cisco // scope: eq // version: -

Trust: 0.6

vendor: hp // model: simplivity omnistack for dell // scope: eq // version: -

Trust: 0.6

vendor: hp // model: simplivity omnistack for lenovo // scope: eq // version: -

Trust: 0.6

vendor: hp // model: simplivity 380 gen10 // scope: eq // version: -

Trust: 0.6

vendor: hp // model: simplivity omnicube // scope: eq // version: -

Trust: 0.6

vendor: hp // model: simplivity 380 gen9 // scope: eq // version: -

Trust: 0.6

sources: CNVD: CNVD-2020-04654 // JVNDB: JVNDB-2019-014157 // CNNVD: CNNVD-202001-074 // NVD: CVE-2019-11993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11993
value: HIGH

Trust: 1.0

NVD: CVE-2019-11993
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-04654
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-074
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-11993
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-11993
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-04654
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-11993
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-11993
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-04654 // VULMON: CVE-2019-11993 // JVNDB: JVNDB-2019-014157 // CNNVD: CNNVD-202001-074 // NVD: CVE-2019-11993

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2019-11993

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-074

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014157

PATCH

title: hpesbhf03955en_us // url: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03955en_us

Trust: 0.8

title: Patch for Unknown vulnerabilities in multiple HPE products // url: https://www.cnvd.org.cn/patchInfo/show/199971

Trust: 0.6

title: Multiple HPE Product security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108268

Trust: 0.6

sources: CNVD: CNVD-2020-04654 // JVNDB: JVNDB-2019-014157 // CNNVD: CNNVD-202001-074

EXTERNAL IDS

db: NVD // id: CVE-2019-11993

Trust: 3.1

db: JVNDB // id: JVNDB-2019-014157

Trust: 0.8

db: CNVD // id: CNVD-2020-04654

Trust: 0.6

db: CNNVD // id: CNNVD-202001-074

Trust: 0.6

db: VULMON // id: CVE-2019-11993

Trust: 0.1

sources: CNVD: CNVD-2020-04654 // VULMON: CVE-2019-11993 // JVNDB: JVNDB-2019-014157 // CNNVD: CNNVD-202001-074 // NVD: CVE-2019-11993

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-11993

Trust: 2.0

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03955en_us

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11993

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-04654 // VULMON: CVE-2019-11993 // JVNDB: JVNDB-2019-014157 // CNNVD: CNNVD-202001-074 // NVD: CVE-2019-11993

SOURCES

db: CNVD // id: CNVD-2020-04654
db: VULMON // id: CVE-2019-11993
db: JVNDB // id: JVNDB-2019-014157
db: CNNVD // id: CNNVD-202001-074
db: NVD // id: CVE-2019-11993

LAST UPDATE DATE

2024-11-23T22:11:40.101000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2020-04654 // date: 2020-02-11T00:00:00
db: VULMON // id: CVE-2019-11993 // date: 2020-01-21T00:00:00
db: JVNDB // id: JVNDB-2019-014157 // date: 2020-02-05T00:00:00
db: CNNVD // id: CNNVD-202001-074 // date: 2020-01-06T00:00:00
db: NVD // id: CVE-2019-11993 // date: 2024-11-21T04:22:07.477

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2020-04654 // date: 2020-02-11T00:00:00
db: VULMON // id: CVE-2019-11993 // date: 2020-01-03T00:00:00
db: JVNDB // id: JVNDB-2019-014157 // date: 2020-02-05T00:00:00
db: CNNVD // id: CNNVD-202001-074 // date: 2020-01-03T00:00:00
db: NVD // id: CVE-2019-11993 // date: 2020-01-03T18:15:09.640