Vulnerabilities > CVE-2020-7138 - Unspecified vulnerability in HPE Nimbleos

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hpe

NVD

Published: 2020-05-19

Updated: 2021-07-21

Summary

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100

Vulnerable Configurations

Part	Description	Count
OS	Hpe HPE Nimbleos 3.1.0.0 HPE Nimbleos 3.2.1.0 HPE Nimbleos 3.3.0.0 HPE Nimbleos 3.4.0.0 HPE Nimbleos 3.4.1.0 HPE Nimbleos 3.5.0.0 HPE Nimbleos 3.5.2.0 HPE Nimbleos 3.5.3.0 HPE Nimbleos 3.5.4.0 HPE Nimbleos 3.6.0.0 HPE Nimbleos 3.6.1.0 HPE Nimbleos 3.6.2.0 HPE Nimbleos 3.7.0.0 HPE Nimbleos 3.8.0.0 HPE Nimbleos 3.8.1.0 HPE Nimbleos 3.9.0.0 HPE Nimbleos 3.9.1.0 HPE Nimbleos 3.9.2.0 HPE Nimbleos 3.9.3.0 HPE Nimbleos 4.1.0.0 HPE Nimbleos 4.2.0.0 HPE Nimbleos 4.2.1.0 HPE Nimbleos 4.3.0.0 HPE Nimbleos 4.3.1.0 HPE Nimbleos 4.4.0.0 HPE Nimbleos 4.4.1.0 HPE Nimbleos 4.5.0.0 HPE Nimbleos 4.5.1.0 HPE Nimbleos 4.5.2.0 HPE Nimbleos 4.5.3.0 HPE Nimbleos 4.5.4.0 HPE Nimbleos 4.5.5.0 HPE Nimbleos 4.5.6.0 HPE Nimbleos 5.0.1.0 HPE Nimbleos 5.0.1.0.100 HPE Nimbleos 5.0.1.100 HPE Nimbleos 5.0.2.0 HPE Nimbleos 5.0.3.0 HPE Nimbleos 5.0.3.100 HPE Nimbleos 5.0.4.0 HPE Nimbleos 5.0.5.0 HPE Nimbleos 5.0.5.200 HPE Nimbleos 5.0.6.0 HPE Nimbleos 5.0.7.0 HPE Nimbleos 5.0.7.300 HPE Nimbleos 5.0.8.0 HPE Nimbleos 5.0.9.0 HPE Nimbleos 5.1.0.0 HPE Nimbleos 5.1.1.0 HPE Nimbleos 5.1.2.0 HPE Nimbleos 5.1.2.100 HPE Nimbleos 5.1.3.0 HPE Nimbleos 5.1.3.100 HPE Nimbleos 5.1.4.0 HPE Nimbleos 5.1.4.100	55
Hardware	Hpe HPE Nimble Storage Af20 ALL Flash Array - HPE Nimble Storage Af20Q ALL Flash Dual Controller - HPE Nimble Storage Af40 ALL Flash Dual Controller - HPE Nimble Storage Af60 ALL Flash Dual Controller - HPE Nimble Storage Af80 ALL Flash Dual Controller - HPE Nimble Storage Cs3000 - HPE Nimble Storage Cs5000 - HPE Nimble Storage Cs7000 - HPE Nimble Storage Secondary Flash Arrays -	9

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us