{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22437", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2024-01-10T15:24:39.966Z", "datePublished": "2024-04-15T09:21:40.627Z", "dateUpdated": "2024-08-01T22:43:34.946Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "HPE MSA SAN Storage VSS Provider and CAPI Proxy Software", "vendor": "Hewlett Packard Enterprise", "versions": [{"lessThan": "4.1.3.83", "status": "affected", "version": "N/A", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "R Cooper of Environtec Limited"}], "datePublic": "2024-04-02T09:13:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.</span>\n\n"}], "value": "\nA potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2024-04-15T09:21:40.627Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04630en_us"}], "source": {"advisory": "HPESBST04630", "discovery": "UNKNOWN"}, "title": "HPE MSA SAN Storage VSS Provider and CAPI Proxy Software, Elevation of Privilege", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-15T13:13:01.628436Z", "id": "CVE-2024-22437", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T15:51:08.406Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.946Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04630en_us", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04630en_us", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.946Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22437", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-15T13:13:01.628436Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T15:51:04.843Z"}}], "cna": {"title": "HPE MSA SAN Storage VSS Provider and CAPI Proxy Software, Elevation of Privilege", "source": {"advisory": "HPESBST04630", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "R Cooper of Environtec Limited"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise", "product": "HPE MSA SAN Storage VSS Provider and CAPI Proxy Software", "versions": [{"status": "affected", "version": "N/A", "lessThan": "4.1.3.83", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2024-04-02T09:13:00.000Z", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04630en_us"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nA potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2024-04-15T09:21:40.627Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22437", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:43:34.946Z", "dateReserved": "2024-01-10T15:24:39.966Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2024-04-15T09:21:40.627Z", "assignerShortName": "hpe"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "\nA potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.\n\n"}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en el software VSS Provider y CAPI Proxy para ciertos productos de almacenamiento HPE MSA. Esta vulnerabilidad podr\u00eda explotarse para obtener privilegios elevados en el sistema."}], "id": "CVE-2024-22437", "lastModified": "2024-04-15T13:15:31.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2024-04-15T10:15:07.797", "references": [{"source": "security-alert@hpe.com", "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04630en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "security-alert@hpe.com", "type": "Secondary"}]}

{}