Vulnerability Details : CVE-2016-8529
A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.
Vulnerability category: BypassGain privilege
Products affected by CVE-2016-8529
- cpe:2.3:o:hp:lefthand:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8529
1.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8529
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.3
|
HIGH | AV:A/AC:L/Au:N/C:P/I:P/A:C |
6.5
|
8.5
|
NIST | |
7.6
|
HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
2.8
|
4.7
|
NIST |
CWE ids for CVE-2016-8529
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8529
-
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958
HPSBST03588 rev 1. - HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS, Remote Arbitrary Command ExecutionVendor Advisory
-
http://www.securityfocus.com/bid/95970
Multiple HP Products CVE-2016-8529 Unspecified Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1037762
HPE StoreVirtual Storage Unspecified Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
Jump to