CVE-2021-26588 - OpenCVE

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hpe	3par Os 3par Storeserv 10400 3par Storeserv 10800 3par Storeserv 20000 3par Storeserv 7200c 3par Storeserv 7400c 3par Storeserv 7440c 3par Storeserv 8000 3par Storeserv 9000 Alletra 9060 Alletra 9060 Firmware Alletra 9080 Alletra 9080 Firmware Primera 630 Primera 630 Firmware Primera 650 Primera 650 Firmware Primera 670 Primera 670 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:h:hpe:3par_storeserv_10400:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_10800:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_20000:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_7200c:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_7400c:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_7440c:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_8000:-:::::::*
	cpe:2.3:h:hpe:3par_storeserv_9000:-:::::::*

OR	cpe:2.3:o:hpe:3par_os:3.3.1_mp5_p156:::::::*
	cpe:2.3:o:hpe:3par_os:3.3.1_mu1:::::::*
	cpe:2.3:o:hpe:3par_os:3.3.1_mu2_p157:::::::*
	cpe:2.3:o:hpe:3par_os:3.3.2_ga_p_01:::::::*

Configuration 2 [-]

AND

cpe:2.3:h:hpe:primera_630:-:*:*:*:*:*:*:*

cpe:2.3:o:hpe:primera_630_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:hpe:primera_650:-:*:*:*:*:*:*:*

cpe:2.3:o:hpe:primera_650_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:hpe:primera_670:-:*:*:*:*:*:*:*

cpe:2.3:o:hpe:primera_670_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:hpe:alletra_9060:-:*:*:*:*:*:*:*

cpe:2.3:o:hpe:alletra_9060_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:hpe:alletra_9080:-:*:*:*:*:*:*:*

cpe:2.3:o:hpe:alletra_9080_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2021-10-11T16:46:31

Updated: 2024-08-03T20:26:25.484Z

Reserved: 2021-02-02T00:00:00

Link: CVE-2021-26588

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-11T17:15:07.637

Modified: 2021-10-18T17:52:39.037

Link: CVE-2021-26588

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object