OpenCVE

A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hpe	Cray Ex Supercomputers Cray Ex Supercomputers Firmware Cray Sh Supercomputer Air Cooled Base System Code Cray Sh Supercomputer Air Cooled Base System Code Firmware Cray Sh Supercomputer Liquid Cooled Base System Code Cray Sh Supercomputer Liquid Cooled Base System Code Firmware Cray Sh Supercomputer Liquid Cooled Tds Base System Code Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware Slingshot Slingshot Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hpe:slingshot_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:slingshot:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:hpe:cray_ex_supercomputers_firmware:1.4.27:::::::*
	cpe:2.3:o:hpe:cray_ex_supercomputers_firmware:1.5.33:::::::*
	cpe:2.3:o:hpe:cray_ex_supercomputers_firmware:1.6.27:::::::*

cpe:2.3:h:hpe:cray_ex_supercomputers:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:hpe:cray_sh_supercomputer_air_cooled_base_system_code_firmware:1.4.27:::::::*
	cpe:2.3:o:hpe:cray_sh_supercomputer_air_cooled_base_system_code_firmware:1.5.33:::::::*
	cpe:2.3:o:hpe:cray_sh_supercomputer_air_cooled_base_system_code_firmware:1.6.27:::::::*

cpe:2.3:h:hpe:cray_sh_supercomputer_air_cooled_base_system_code:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:hpe:cray_sh_supercomputer_liquid_cooled_base_system_code_firmware:1.4.27:::::::*
	cpe:2.3:o:hpe:cray_sh_supercomputer_liquid_cooled_base_system_code_firmware:1.5.33:::::::*
	cpe:2.3:o:hpe:cray_sh_supercomputer_liquid_cooled_base_system_code_firmware:1.6.27:::::::*

cpe:2.3:h:hpe:cray_sh_supercomputer_liquid_cooled_base_system_code:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:hpe:cray_sh_supercomputer_liquid_cooled_tds_base_system_code_firmware:1.4.27:::::::*
	cpe:2.3:o:hpe:cray_sh_supercomputer_liquid_cooled_tds_base_system_code_firmware:1.5.33:::::::*
	cpe:2.3:o:hpe:cray_sh_supercomputer_liquid_cooled_tds_base_system_code_firmware:1.6.27:::::::*

cpe:2.3:h:hpe:cray_sh_supercomputer_liquid_cooled_tds_base_system_code:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbcr04284en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2022-06-24T15:00:10

Updated: 2024-08-03T05:56:16.132Z

Reserved: 2022-04-04T00:00:00

Link: CVE-2022-28620

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-24T15:15:10.300

Modified: 2024-11-21T06:57:35.767

Link: CVE-2022-28620

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object