CVE-2023-30910 - Vulnerability Details - OpenCVE

HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00106.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hpe	Msa 1060 Storage Msa 1060 Storage Firmware Msa 2060 Storage Msa 2060 Storage Firmware Msa 2062 Storage Msa 2062 Storage Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hpe:msa_1060_storage_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:msa_1060_storage:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hpe:msa_2060_storage_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:msa_2060_storage:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hpe:msa_2062_storage_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:msa_2062_storage:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-35250	HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us

History

Thu, 19 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2023-10-09T15:04:35.757Z

Updated: 2024-09-19T13:50:48.410Z

Reserved: 2023-04-20T16:58:53.926Z

Link: CVE-2023-30910

Vulnrichment

Updated: 2024-08-02T14:37:15.510Z

NVD

Status : Modified

Published: 2023-10-09T16:15:10.400

Modified: 2024-11-21T08:01:03.233

Link: CVE-2023-30910

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30910", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-04-20T16:58:53.926Z", "datePublished": "2023-10-09T15:04:35.757Z", "dateUpdated": "2024-09-19T13:50:48.410Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HPE MSA Controller", "vendor": "Hewlett Packer Enterprise (HPE)", "versions": [{"lessThan": "IN210R004", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. "}], "value": "HPE MSA Controller prior to version\u00a0IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests.\u00a0"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-10-09T15:10:09.082Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.510Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-19T13:38:22.381697Z", "id": "CVE-2023-30910", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T13:50:48.410Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.510Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-30910", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-19T13:38:22.381697Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T13:50:42.804Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packer Enterprise (HPE)", "product": "HPE MSA Controller", "versions": [{"status": "affected", "version": "0", "lessThan": "IN210R004", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "HPE MSA Controller prior to version\u00a0IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests.\u00a0", "supportingMedia": [{"type": "text/html", "value": "HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-10-09T15:10:09.082Z"}}}, "cveMetadata": {"cveId": "CVE-2023-30910", "state": "PUBLISHED", "dateUpdated": "2024-09-19T13:50:48.410Z", "dateReserved": "2023-04-20T16:58:53.926Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2023-10-09T15:04:35.757Z", "assignerShortName": "hpe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:msa_1060_storage_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D619F85-D2AF-4C55-9987-74A25CF5F91A", "versionEndExcluding": "in210r004", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:msa_1060_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8807E1F-5159-4AEA-BBF5-05BA6FBC394F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:msa_2060_storage_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "153B35B4-02A3-4E45-B825-B059FE41249B", "versionEndExcluding": "in210r004", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:msa_2060_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F26FD92-05CA-460D-BCD0-D71626E1E594", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:msa_2062_storage_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F8D94-8EFA-48BE-937E-D82C449DFF3D", "versionEndExcluding": "in210r004", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:msa_2062_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9EAA9E7-F3E9-4778-ACBC-DD801586FCC7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "HPE MSA Controller prior to version\u00a0IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests.\u00a0"}, {"lang": "es", "value": "HPE MSA Controller anterior a la versi\u00f3n IN210R004 podr\u00eda explotarse de forma remota para permitir una interpretaci\u00f3n inconsistente de las solicitudes HTTP."}], "id": "CVE-2023-30910", "lastModified": "2024-11-21T08:01:03.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security-alert@hpe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-09T16:15:10.400", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "security-alert@hpe.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}