CVE-2016-8529

A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.

CVSS v3 7.6 HIGH
CVSS v2.0 7.3 HIGH

7.6^/10

CVSS v3 : HIGH

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Exploitability : 2.8 / Impact : 4.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

7.3^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:C

Exploitability : 6.5 / Impact : 8.5

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/95970	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037762	Third Party Advisory VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:hp:lefthand:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-15 22:29

Updated : 2024-02-28 16:25

NVD link : CVE-2016-8529

Mitre link : CVE-2016-8529

CVE.ORG link : CVE-2016-8529

JSON object : View

Products Affected

hp

lefthand

CWE

CWE-284

Improper Access Control

{"id": "CVE-2016-8529", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 8.5, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2018-02-15T22:29:01.170", "references": [{"url": "http://www.securityfocus.com/bid/95970", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security-alert@hpe.com"}, {"url": "http://www.securitytracker.com/id/1037762", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security-alert@hpe.com"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en HPE StoreVirtual 4000 Storage y StoreVirtual VSA Software que ejecutan LeftHand OS en versiones v12.5 y anteriores. El problema se ha resuelto en LeftHand OS v12.6 o en versiones posteriores."}], "lastModified": "2018-03-12T18:47:43.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:lefthand:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "893DFCFB-C2A2-4346-B2A5-14E4CC5FA910", "versionEndIncluding": "12.5"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}