Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2022-23703
Analyzed
More InfoOfficial Page
Source-security-alert@hpe.com
View Known Exploited Vulnerability (KEV) details
Published At-12 Apr, 2022 | 17:15
Updated At-19 Apr, 2022 | 19:52

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
Hewlett Packard Enterprise (HPE)
hpe
>>nimbleos>>Versions before 5.0.10.100(exclusive)
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
Hewlett Packard Enterprise (HPE)
hpe
>>nimbleos>>Versions from 5.1.0.0(inclusive) to 5.2.1.500(exclusive)
cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
Hewlett Packard Enterprise (HPE)
hpe
>>nimbleos>>5.3.1.0
cpe:2.3:o:hpe:nimbleos:5.3.1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04268en_ussecurity-alert@hpe.com
Vendor Advisory
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04268en_us
Source: security-alert@hpe.com
Resource:
Vendor Advisory
Change History
0Changes found
Details not found