Vulnerability Details : CVE-2022-23703
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100
Exploit prediction scoring system (EPSS) score for CVE-2022-23703
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 31 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-23703
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2022-23703
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04268en_us
Document - HPESBST04268 rev.1 - HPE Nimble Storage, Remote Code Execution | HPE SupportVendor Advisory
Products affected by CVE-2022-23703
- cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
- cpe:2.3:o:hpe:nimbleos:*:*:*:*:*:*:*:*
- cpe:2.3:o:hpe:nimbleos:5.3.1.0:*:*:*:*:*:*:*