Vulnerability Details : CVE-2022-23703
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100
Products affected by CVE-2022-23703
- cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
- cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
- cpe:2.3:o:hpe:nimbleos:5.3.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23703
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23703
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2022-23703
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04268en_us
Document - HPESBST04268 rev.1 - HPE Nimble Storage, Remote Code Execution | HPE SupportVendor Advisory
Jump to