Details of VAR-202407-2296

ID

VAR-202407-2296

CVE

CVE-2024-22442

TITLE

hewlett packard enterprise HPE 3PAR Service Processor Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-010200

DESCRIPTION

The vulnerability could be remotely exploited to bypass authentication. hewlett packard enterprise HPE 3PAR Service Processor There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-22442 // JVNDB: JVNDB-2024-010200

AFFECTED PRODUCTS

vendor:	hp	model:	3par service processor	scope:	lt	version:	5.1.2.0	Trust: 1.0
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe 3par service processor	scope:	eq	version:	-	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe 3par service processor	scope:	eq	version:	hpe 3par service processor firmware 5.1.2.0	Trust: 0.8

sources: JVNDB: JVNDB-2024-010200 // NVD: CVE-2024-22442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-22442
value:	CRITICAL
Trust: 1.0
security-alert@hpe.com:	CVE-2024-22442
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2024-22442
value:	CRITICAL
Trust: 0.8

nvd@nist.gov:	CVE-2024-22442
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2024-22442
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-010200 // NVD: CVE-2024-22442 // NVD: CVE-2024-22442

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-010200 // NVD: CVE-2024-22442

PATCH

title:

hpesbst04663en_us

url:

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04663en_us&docLocale=en_US

Trust: 0.8

sources: JVNDB: JVNDB-2024-010200

EXTERNAL IDS

db:	NVD	id:	CVE-2024-22442	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-010200	Trust: 0.8

sources: JVNDB: JVNDB-2024-010200 // NVD: CVE-2024-22442

REFERENCES

url:	https://support.hpe.com/hpesc/public/docdisplay?docid=hpesbst04663en_us&doclocale=en_us	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-22442	Trust: 0.8

sources: JVNDB: JVNDB-2024-010200 // NVD: CVE-2024-22442

SOURCES

db:	JVNDB	id:	JVNDB-2024-010200
db:	NVD	id:	CVE-2024-22442

LAST UPDATE DATE

2024-10-12T22:46:04.541000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-010200	date:	2024-10-11T04:53:00
db:	NVD	id:	CVE-2024-22442	date:	2024-10-10T12:47:22.213

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-010200	date:	2024-10-11T00:00:00
db:	NVD	id:	CVE-2024-22442	date:	2024-07-16T16:15:04.017