CVE-2016-8529

A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.

CVSS v3.0 7.6 HIGH
CVSS v2.0 7.3 HIGH

7.6^/10

CVSS v3.0 : HIGH

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Exploitability : 2.8 / Impact : 4.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

7.3^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:C

Exploitability : 6.5 / Impact : 8.5

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958	Vendor Advisory
http://www.securitytracker.com/id/1037762	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/95970	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:hp:lefthand:*:*:*:*:*:*:*:*

Information

Published : 2018-02-15 14:29

Updated : 2018-03-12 11:47

NVD link : CVE-2016-8529

Mitre link : CVE-2016-8529

JSON object : View

CWE

CWE-284

Improper Access Control

Advertisement

Products Affected

hp

lefthand

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958", "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1037762", "name": "1037762", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/95970", "name": "95970", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-284"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-8529", "ASSIGNER": "security-alert@hpe.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 8.5, "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}}, "publishedDate": "2018-02-15T22:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:hp:lefthand:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "12.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-03-12T18:47Z"}