CVE-2016-8529 - Vulnerability Details - OpenCVE

Description

A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.

Published: 2018-02-15

Score: 7.6 High

EPSS: 3.7% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hewlett Packard Enterprise

StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS

affected

Version	Status	Constraints
`LeftHand OS v12.5 and earlier`	affected	—

Configuration 1 [-]

cpe:2.3:o:hp:lefthand:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2016-9377	A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.03702.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.securityfocus.com/bid/95970
http://www.securitytracker.com/id/1037762
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958

History

No history.

Subscriptions

Hp Lefthand

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2018-02-15T22:00:00.000Z

Updated: 2024-09-17T04:13:55.467Z

Reserved: 2016-10-07T00:00:00.000Z

Link: CVE-2016-8529

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-02-15T22:29:01.170

Modified: 2026-06-17T00:54:30.170

Link: CVE-2016-8529

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-284
Improper Access Control

{"containers": {"cna": {"affected": [{"product": "StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS", "vendor": "Hewlett Packard Enterprise", "versions": [{"status": "affected", "version": "LeftHand OS v12.5 and earlier"}]}], "datePublic": "2017-01-31T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."}], "problemTypes": [{"descriptions": [{"description": "Remote Arbitrary Command Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-16T10:57:01.000Z", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"name": "1037762", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037762"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"}, {"name": "95970", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95970"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "DATE_PUBLIC": "2017-01-31T00:00:00", "ID": "CVE-2016-8529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS", "version": {"version_data": [{"version_value": "LeftHand OS v12.5 and earlier"}]}}]}, "vendor_name": "Hewlett Packard Enterprise"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Arbitrary Command Execution"}]}]}, "references": {"reference_data": [{"name": "1037762", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037762"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"}, {"name": "95970", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95970"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:27:40.678Z"}, "title": "CVE Program Container", "references": [{"name": "1037762", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037762"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"}, {"name": "95970", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95970"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2016-8529", "datePublished": "2018-02-15T22:00:00.000Z", "dateReserved": "2016-10-07T00:00:00.000Z", "dateUpdated": "2024-09-17T04:13:55.467Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"product": "StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS", "vendor": "Hewlett Packard Enterprise", "versions": [{"status": "affected", "version": "LeftHand OS v12.5 and earlier"}]}], "source": "security-alert@hpe.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:lefthand:*:*:*:*:*:*:*:*", "matchCriteriaId": "893DFCFB-C2A2-4346-B2A5-14E4CC5FA910", "versionEndIncluding": "12.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en HPE StoreVirtual 4000 Storage y StoreVirtual VSA Software que ejecutan LeftHand OS en versiones v12.5 y anteriores. El problema se ha resuelto en LeftHand OS v12.6 o en versiones posteriores."}], "id": "CVE-2016-8529", "lastModified": "2026-06-17T00:54:30.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-15T22:29:01.170", "references": [{"source": "security-alert@hpe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95970"}, {"source": "security-alert@hpe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037762"}, {"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037762"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}