ID

VAR-202204-1203


CVE

CVE-2022-23702


TITLE

HPE Superdome Flex Server and Superdome Flex 280 Server Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-001951

DESCRIPTION

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow a user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update: HPE Superdome Flex Server Version 3.50.58 or later, and HPE Superdome Flex 280 Server Version 1.20.204 or later. (DoS) It may be in a state

Trust: 2.25

sources: NVD: CVE-2022-23702 // JVNDB: JVNDB-2022-001951 // CNVD: CNVD-2022-81349 // VULMON: CVE-2022-23702

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-81349

AFFECTED PRODUCTS

vendor: hpe, model: superdome flex server, scope: lt, version: 3.50.58

Trust: 1.6

vendor: hpe, model: superdome flex 280 server, scope: lt, version: 1.20.204

Trust: 1.0

vendor: ヒューレット パッカード, model: hpe superdome flex server, scope: -, version: -

Trust: 0.8

vendor: ヒューレット パッカード, model: superdome flex 280 server, scope: -, version: -

Trust: 0.8

vendor: hpe, model: superdome flex server, scope: eq, version: 280<1.20.204

Trust: 0.6

sources: CNVD: CNVD-2022-81349 // JVNDB: JVNDB-2022-001951 // NVD: CVE-2022-23702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23702
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-23702
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-81349
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202204-3190
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-23702
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-23702
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-81349
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-23702
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-23702
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-81349 // VULMON: CVE-2022-23702 // JVNDB: JVNDB-2022-001951 // CNNVD: CNNVD-202204-3190 // NVD: CVE-2022-23702

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype: Improper authority management (CWE-269) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001951 // NVD: CVE-2022-23702

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3190

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3190

PATCH

title: hpesbhf04266en_us Hitachi Server / Client Product Security Information, url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-hpesbhf04266en_us

Trust: 0.8

title: Patch for HPE Superdome Flex Server Privilege Escalation Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/348566

Trust: 0.6

title: HPE Superdome Flex Server Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190254

Trust: 0.6

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2022-81349 // VULMON: CVE-2022-23702 // JVNDB: JVNDB-2022-001951 // CNNVD: CNNVD-202204-3190

EXTERNAL IDS

db: NVD, id: CVE-2022-23702

Trust: 3.9

db: JVNDB, id: JVNDB-2022-001951

Trust: 0.8

db: CNVD, id: CNVD-2022-81349

Trust: 0.6

db: CNNVD, id: CNNVD-202204-3190

Trust: 0.6

db: VULMON, id: CVE-2022-23702

Trust: 0.1

sources: CNVD: CNVD-2022-81349 // VULMON: CVE-2022-23702 // JVNDB: JVNDB-2022-001951 // CNNVD: CNNVD-202204-3190 // NVD: CVE-2022-23702

REFERENCES

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf04266en_us

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-23702

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-23702/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: CNVD: CNVD-2022-81349 // VULMON: CVE-2022-23702 // JVNDB: JVNDB-2022-001951 // CNNVD: CNNVD-202204-3190 // NVD: CVE-2022-23702

SOURCES

db: CNVD, id: CNVD-2022-81349
db: VULMON, id: CVE-2022-23702
db: JVNDB, id: JVNDB-2022-001951
db: CNNVD, id: CNNVD-202204-3190
db: NVD, id: CVE-2022-23702

LAST UPDATE DATE

2024-11-23T22:04:55.023000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-81349, date: 2022-11-25T00:00:00
db: VULMON, id: CVE-2022-23702, date: 2023-08-08T00:00:00
db: JVNDB, id: JVNDB-2022-001951, date: 2022-06-14T07:30:00
db: CNNVD, id: CNNVD-202204-3190, date: 2022-04-21T00:00:00
db: NVD, id: CVE-2022-23702, date: 2024-11-21T06:49:08.300

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-81349, date: 2022-08-31T00:00:00
db: VULMON, id: CVE-2022-23702, date: 2022-04-12T00:00:00
db: JVNDB, id: JVNDB-2022-001951, date: 2022-06-14T00:00:00
db: CNNVD, id: CNNVD-202204-3190, date: 2022-04-12T00:00:00
db: NVD, id: CVE-2022-23702, date: 2022-04-12T17:15:09.360