CVE-2024-51764 - Vulnerability Details - OpenCVE

A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00096.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hewlett Packard Enterprise (HPE)

SGI CXFS

affected

Version	Status	Constraints
`0`	affected	< patch11804, patch11805, patch11806, patch11807

No data.

No data.

No data.

Project Subscriptions

Vendors	Products
Hpe Subscribe	Sgi Cxfs Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04747en_us&docLocale=en_US

History

Tue, 19 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hpe Hpe sgi Cxfs
Weaknesses		CWE-276
CPEs		cpe:2.3:a:hpe:sgi_cxfs::::::::
Vendors & Products		Hpe Hpe sgi Cxfs
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 15 Nov 2024 21:45:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
References		https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04747en_us&docLocale=en_US

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2024-11-15T21:32:21.248Z

Updated: 2024-11-19T16:28:26.077Z

Reserved: 2024-11-01T14:42:12.298Z

Link: CVE-2024-51764

Vulnrichment

Updated: 2024-11-19T16:28:16.796Z

NVD

Status : Awaiting Analysis

Published: 2024-11-15T22:15:16.017

Modified: 2024-11-19T17:35:15.297

Link: CVE-2024-51764

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-276

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-51764", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2024-11-01T14:42:12.298Z", "datePublished": "2024-11-15T21:32:21.248Z", "dateUpdated": "2024-11-19T16:28:26.077Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access."}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "SGI CXFS", "defaultStatus": "affected", "versions": [{"version": "0", "status": "affected", "lessThan": "patch11804, patch11805, patch11806, patch11807", "versionType": "custom"}]}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04747en_us&docLocale=en_US"}], "x_generator": {"engine": "cveClient/1.0.15"}, "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2024-11-15T21:34:19.921Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "affected": [{"vendor": "hpe", "product": "sgi_cxfs", "cpes": ["cpe:2.3:a:hpe:sgi_cxfs:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "patch11804", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "patch11805", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "patch11806", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "patch11807", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-19T16:25:12.409833Z", "id": "CVE-2024-51764", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-19T16:28:26.077Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-51764", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-19T16:25:12.409833Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hpe:sgi_cxfs:*:*:*:*:*:*:*:*"], "vendor": "hpe", "product": "sgi_cxfs", "versions": [{"status": "affected", "version": "0", "lessThan": "patch11804", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "patch11805", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "patch11806", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "patch11807", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-19T16:28:16.796Z"}}], "cna": {"affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "SGI CXFS", "versions": [{"status": "affected", "version": "0", "lessThan": "patch11804, patch11805, patch11806, patch11807", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04747en_us&docLocale=en_US"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access."}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2024-11-15T21:34:19.921Z"}}}, "cveMetadata": {"cveId": "CVE-2024-51764", "state": "PUBLISHED", "dateUpdated": "2024-11-19T16:28:26.077Z", "dateReserved": "2024-11-01T14:42:12.298Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2024-11-15T21:32:21.248Z", "assignerShortName": "hpe"}, "dataVersion": "5.1"}