CVE-2022-23703

{"id": "CVE-2022-23703", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-04-12T17:15:09.403", "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04268en_us", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de seguridad en HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays y HPE Nimble Storage Secondary Flash Arrays durante la actualizaci\u00f3n. Esto podr\u00eda permitir a un atacante interceptar y modificar la comunicaci\u00f3n de red para las actualizaciones de software iniciadas por el dispositivo Nimble. Las siguientes versiones de NimbleOS, y todas las posteriores, contienen una correcci\u00f3n de software para esta vulnerabilidad: 5.0.10.100, 5.2.1.500, 6.0.0.100"}], "lastModified": "2022-04-19T19:52:45.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C17B31B-672E-4A30-8C76-42E2FF2B05F6", "versionEndExcluding": "5.0.10.100"}, {"criteria": "cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CF896B4-F62C-4C4F-A7F5-DFF842F403DF", "versionEndExcluding": "5.2.1.500", "versionStartIncluding": "5.1.0.0"}, {"criteria": "cpe:2.3:o:hpe:nimbleos:5.3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEF13515-9B03-4335-8E14-707CD8245F05"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}