Vulnerabilities > CVE-2019-12001 - Insufficient Session Expiration vulnerability in HPE products

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

hpe

CWE-613

NVD

Published: 2020-04-17

Updated: 2020-04-28

Summary

A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.

Vulnerable Configurations

Part	Description	Count
OS	Hpe HPE MSA 1040 Firmware - HPE MSA 1040 Firmware Gl225P001 HPE MSA 2040 Firmware - HPE MSA 2040 Firmware Gl225P001 HPE MSA 2042 Firmware - HPE MSA 2042 Firmware Gl225P001 HPE MSA 1050 Firmware - HPE MSA 1050 Firmware Ve270R001-01 HPE MSA 2050 Firmware - HPE MSA 2050 Firmware Vl270R001-01 HPE MSA 2052 Firmware - HPE MSA 2052 Firmware Vl270R001-01	12
Hardware	Hpe HPE MSA 1040 - HPE MSA 2040 - HPE MSA 2042 - HPE MSA 1050 - HPE MSA 2050 - HPE MSA 2052 -	6

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us