CVE-2022-37929 : Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

Published 2022-12-12 13:15:14

Updated 2022-12-13 20:45:39

Source Hewlett Packard Enterprise (HPE)

View at NVD, CVE.org

Products affected by CVE-2022-37929

HPE » Sf100 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:sf100_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Sf100 » Version: N/A
HPE » Sf100 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:sf100_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Sf100 » Version: N/A
HPE » Sf300 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:sf300_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Sf300 » Version: N/A
HPE » Sf300 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:sf300_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Sf300 » Version: N/A
HPE » Hf60c Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf60c_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf60c » Version: N/A
HPE » Hf60c Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf60c_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf60c » Version: N/A
HPE » Hf40c Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf40c_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf40c » Version: N/A
HPE » Hf40c Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf40c_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf40c » Version: N/A
HPE » Hf20 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf20_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf20 » Version: N/A
HPE » Hf20 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf20_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf20 » Version: N/A
HPE » Hf40 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf40_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf40 » Version: N/A
HPE » Hf40 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf40_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf40 » Version: N/A
HPE » Hf60 Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf60_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf60 » Version: N/A
HPE » Hf60 Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf60_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf60 » Version: N/A
HPE » Hf20h Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf20h_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf20h » Version: N/A
HPE » Hf20h Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf20h_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf20h » Version: N/A
HPE » Hf20c Firmware » Ltsr Edition
Versions before (<) 5.2.1.900
cpe:2.3:o:hpe:hf20c_firmware:*:*:*:*:ltsr:*:*:*
Matching versions
When used together with: HPE » Hf20c » Version: N/A
HPE » Hf20c Firmware » Version: 5.3.0.0
cpe:2.3:o:hpe:hf20c_firmware:5.3.0.0:*:*:*:-:*:*:*
Matching versions
When used together with: HPE » Hf20c » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-37929

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-37929

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H	0.8	5.9	Hewlett Packard Enterprise (HPE)
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-37929

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-37929

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04360en_us

Document - HPESBST04360 rev.1 - Nimble Storage Arrays, Local Disclosure of Privileged Information | HPE Support
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-37929

Products affected by CVE-2022-37929

Exploit prediction scoring system (EPSS) score for CVE-2022-37929

CVSS scores for CVE-2022-37929

CWE ids for CVE-2022-37929

References for CVE-2022-37929