Sign-up

ID

VAR-201905-0984


CVE

CVE-2018-7120


TITLE

HPE Synergy running Vulnerability in authorization, authority and access control in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-015422

DESCRIPTION

A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege. HPE Synergy running Firmware contains vulnerabilities related to authorization, authority, and access control.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.8

sources: NVD: CVE-2018-7120 // JVNDB: JVNDB-2018-015422 // VULHUB: VHN-137152 // VULMON: CVE-2018-7120

AFFECTED PRODUCTS

vendor:hpmodel:synergyscope:eqversion:5.00.50

Trust: 1.0

vendor:hewlett packardmodel:synergyscope:eqversion:5.00.50

Trust: 0.8

sources: JVNDB: JVNDB-2018-015422 // NVD: CVE-2018-7120

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7120
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7120
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-261
value: CRITICAL

Trust: 0.6

VULHUB: VHN-137152
value: HIGH

Trust: 0.1

VULMON: CVE-2018-7120
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7120
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-137152
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7120
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137152 // VULMON: CVE-2018-7120 // JVNDB: JVNDB-2018-015422 // CNNVD: CNNVD-201905-261 // NVD: CVE-2018-7120

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-137152 // JVNDB: JVNDB-2018-015422 // NVD: CVE-2018-7120

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-261

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-261

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015422

PATCH
title:hpesbhf03916en_usurl:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03916en_us
Trust: 0.8
title:HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92449
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015422 // 
            
            
            
            CNNVD: CNNVD-201905-261

EXTERNAL IDS
db:NVDid:CVE-2018-7120
Trust: 2.6
db:JVNDBid:JVNDB-2018-015422
Trust: 0.8
db:CNNVDid:CNNVD-201905-261
Trust: 0.7
db:VULHUBid:VHN-137152
Trust: 0.1
db:VULMONid:CVE-2018-7120
Trust: 0.1
sources:
            
            
            VULHUB: VHN-137152 // 
            
            
            
            VULMON: CVE-2018-7120 // 
            
            
            
            JVNDB: JVNDB-2018-015422 // 
            
            
            
            CNNVD: CNNVD-201905-261 // 
            
            
            
            NVD: CVE-2018-7120

REFERENCES
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03916en_us
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-7120
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7120
Trust: 0.8
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03916en_us
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-137152 // 
            
            
            
            VULMON: CVE-2018-7120 // 
            
            
            
            JVNDB: JVNDB-2018-015422 // 
            
            
            
            CNNVD: CNNVD-201905-261 // 
            
            
            
            NVD: CVE-2018-7120

SOURCES
db:VULHUBid:VHN-137152
db:VULMONid:CVE-2018-7120
db:JVNDBid:JVNDB-2018-015422
db:CNNVDid:CNNVD-201905-261
db:NVDid:CVE-2018-7120

LAST UPDATE DATE
2024-11-23T23:08:24.566000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-137152date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-7120date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-015422date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-261date:2019-10-23T00:00:00
db:NVDid:CVE-2018-7120date:2024-11-21T04:11:40.717

SOURCES RELEASE DATE
db:VULHUBid:VHN-137152date:2019-05-10T00:00:00
db:VULMONid:CVE-2018-7120date:2019-05-10T00:00:00
db:JVNDBid:JVNDB-2018-015422date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-261date:2019-05-10T00:00:00
db:NVDid:CVE-2018-7120date:2019-05-10T19:29:04.387