Sign-up

ID

VAR-201802-0741


CVE

CVE-2017-8960


TITLE

HPE MSA 1040 and MSA 2040 SAN Storage Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012700

DESCRIPTION

An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found. HPE MSA 1040 and MSA 2040 SAN Storage Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HPEMSA1040 and MSA2040SANStorage are storage devices of Hewlett Packard Enterprise (HPE). An authentication vulnerability exists in HPEMSA1040 and MSA2040SANStorageGL220P008 and earlier. A remote attacker could exploit the vulnerability to bypass authentication. An attacker may leverage these issues to bypass the authentication mechanism and gain unauthorized access or to gain elevated privileges. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2017-8960 // JVNDB: JVNDB-2017-012700 // CNVD: CNVD-2018-06707 // BID: 101547 // VULHUB: VHN-117163

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06707

AFFECTED PRODUCTS

vendor:hpmodel:msa 1040 san storagescope:lteversion:gl220p008

Trust: 1.0

vendor:hpmodel:msa 2040 san storagescope:lteversion:gl220p008

Trust: 1.0

vendor:hewlett packardmodel:hpe msa 1040 storagescope:lteversion:gl220p008

Trust: 0.8

vendor:hewlett packardmodel:hpe msa 2040 storagescope:lteversion:gl220p008

Trust: 0.8

vendor:hpmodel:msa <gl220p008scope:eqversion:1040

Trust: 0.6

vendor:hpmodel:msa san storage <=gl220p008scope:eqversion:2040

Trust: 0.6

vendor:hpmodel:msa 2040 san storagescope:eqversion:gl220p008

Trust: 0.6

vendor:hpmodel:msa 1040 san storagescope:eqversion:gl220p008

Trust: 0.6

vendor:hpmodel:msa storage gl220p008scope:eqversion:2040

Trust: 0.3

vendor:hpmodel:msa storage gl200r007scope:eqversion:2040

Trust: 0.3

vendor:hpmodel:msa storage gl220p008scope:eqversion:1040

Trust: 0.3

vendor:hpmodel:msa storage gl200r007scope:eqversion:1040

Trust: 0.3

vendor:hpmodel:msa storage gl220p009scope:neversion:2040

Trust: 0.3

vendor:hpmodel:msa storage gl220p009scope:neversion:1040

Trust: 0.3

sources: CNVD: CNVD-2018-06707 // BID: 101547 // JVNDB: JVNDB-2017-012700 // CNNVD: CNNVD-201705-836 // NVD: CVE-2017-8960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8960
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-8960
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-06707
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201705-836
value: CRITICAL

Trust: 0.6

VULHUB: VHN-117163
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8960
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06707
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-117163
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8960
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-06707 // VULHUB: VHN-117163 // JVNDB: JVNDB-2017-012700 // CNNVD: CNNVD-201705-836 // NVD: CVE-2017-8960

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-117163 // JVNDB: JVNDB-2017-012700 // NVD: CVE-2017-8960

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-836

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-836

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012700

PATCH
title:HPESBST03780url:https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us
Trust: 0.8
title:Patch for HPEMSA1040 and MSA2040 SANStorage Authentication Vulnerability Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/124321
Trust: 0.6
title:HPE MSA 1040  and MSA 2040 SAN Storage Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99810
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-06707 // 
            
            
            
            JVNDB: JVNDB-2017-012700 // 
            
            
            
            CNNVD: CNNVD-201705-836

EXTERNAL IDS
db:NVDid:CVE-2017-8960
Trust: 3.4
db:JVNDBid:JVNDB-2017-012700
Trust: 0.8
db:CNNVDid:CNNVD-201705-836
Trust: 0.7
db:CNVDid:CNVD-2018-06707
Trust: 0.6
db:BIDid:101547
Trust: 0.3
db:VULHUBid:VHN-117163
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-06707 // 
            
            
            
            VULHUB: VHN-117163 // 
            
            
            
            BID: 101547 // 
            
            
            
            JVNDB: JVNDB-2017-012700 // 
            
            
            
            CNNVD: CNNVD-201705-836 // 
            
            
            
            NVD: CVE-2017-8960

REFERENCES
url:https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbst03780en_us
Trust: 2.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8960
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8960
Trust: 0.8
url:http://www.hp.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-06707 // 
            
            
            
            VULHUB: VHN-117163 // 
            
            
            
            BID: 101547 // 
            
            
            
            JVNDB: JVNDB-2017-012700 // 
            
            
            
            CNNVD: CNNVD-201705-836 // 
            
            
            
            NVD: CVE-2017-8960

CREDITS
David Berard of Ubisoft
Trust: 0.3
sources:
            
            
            BID: 101547

SOURCES
db:CNVDid:CNVD-2018-06707
db:VULHUBid:VHN-117163
db:BIDid:101547
db:JVNDBid:JVNDB-2017-012700
db:CNNVDid:CNNVD-201705-836
db:NVDid:CVE-2017-8960

LAST UPDATE DATE
2024-11-23T21:53:22.574000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06707date:2018-03-29T00:00:00
db:VULHUBid:VHN-117163date:2019-10-03T00:00:00
db:BIDid:101547date:2017-10-09T00:00:00
db:JVNDBid:JVNDB-2017-012700date:2018-04-05T00:00:00
db:CNNVDid:CNNVD-201705-836date:2019-10-23T00:00:00
db:NVDid:CVE-2017-8960date:2024-11-21T03:35:04.600

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-06707date:2018-03-29T00:00:00
db:VULHUBid:VHN-117163date:2018-02-15T00:00:00
db:BIDid:101547date:2017-10-09T00:00:00
db:JVNDBid:JVNDB-2017-012700date:2018-04-05T00:00:00
db:CNNVDid:CNNVD-201705-836date:2017-05-19T00:00:00
db:NVDid:CVE-2017-8960date:2018-02-15T22:29:08.403