CVE-2016-8529 - OpenCVE

A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:A/AC:L/Au:N/C:P/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Lefthand

Configuration 1 [-]

cpe:2.3:o:hp:lefthand:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/95970
http://www.securitytracker.com/id/1037762
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2018-02-15T22:00:00Z

Updated: 2024-09-17T04:13:55.467Z

Reserved: 2016-10-07T00:00:00

Link: CVE-2016-8529

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-02-15T22:29:01.170

Modified: 2018-03-12T18:47:43.210

Link: CVE-2016-8529

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS", "vendor": "Hewlett Packard Enterprise", "versions": [{"status": "affected", "version": "LeftHand OS v12.5 and earlier"}]}], "datePublic": "2017-01-31T00:00:00", "descriptions": [{"lang": "en", "value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."}], "problemTypes": [{"descriptions": [{"description": "Remote Arbitrary Command Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-16T10:57:01", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"name": "1037762", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037762"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"}, {"name": "95970", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95970"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "DATE_PUBLIC": "2017-01-31T00:00:00", "ID": "CVE-2016-8529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS", "version": {"version_data": [{"version_value": "LeftHand OS v12.5 and earlier"}]}}]}, "vendor_name": "Hewlett Packard Enterprise"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Arbitrary Command Execution"}]}]}, "references": {"reference_data": [{"name": "1037762", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037762"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"}, {"name": "95970", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95970"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:27:40.678Z"}, "title": "CVE Program Container", "references": [{"name": "1037762", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037762"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"}, {"name": "95970", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95970"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2016-8529", "datePublished": "2018-02-15T22:00:00Z", "dateReserved": "2016-10-07T00:00:00", "dateUpdated": "2024-09-17T04:13:55.467Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:lefthand:*:*:*:*:*:*:*:*", "matchCriteriaId": "893DFCFB-C2A2-4346-B2A5-14E4CC5FA910", "versionEndIncluding": "12.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de ejecuci\u00f3n remota de comandos arbitrarios en HPE StoreVirtual 4000 Storage y StoreVirtual VSA Software que ejecutan LeftHand OS en versiones v12.5 y anteriores. El problema se ha resuelto en LeftHand OS v12.6 o en versiones posteriores."}], "id": "CVE-2016-8529", "lastModified": "2018-03-12T18:47:43.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-15T22:29:01.170", "references": [{"source": "security-alert@hpe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95970"}, {"source": "security-alert@hpe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037762"}, {"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}