Vulnerability Description
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hpe | Nimbleos | >= 3.1.0.0, <= 3.9.1.0 |
| Hpe | Nimble Storage Af20 All Flash Array | - |
| Hpe | Nimble Storage Af20Q All Flash Dual Controller | - |
| Hpe | Nimble Storage Af40 All Flash Dual Controller | - |
| Hpe | Nimble Storage Af60 All Flash Dual Controller | - |
| Hpe | Nimble Storage Af80 All Flash Dual Controller | - |
| Hpe | Nimble Storage Cs3000 | - |
| Hpe | Nimble Storage Cs5000 | - |
| Hpe | Nimble Storage Cs7000 | - |
| Hpe | Nimble Storage Secondary Flash Arrays | - |
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
FAQ
What is CVE-2019-11996?
CVE-2019-11996 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated priv...
How severe is CVE-2019-11996?
CVE-2019-11996 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11996?
Check the references section above for vendor advisories and patch information. Affected products include: Hpe Nimbleos, Hpe Nimble Storage Af20 All Flash Array, Hpe Nimble Storage Af20Q All Flash Dual Controller, Hpe Nimble Storage Af40 All Flash Dual Controller, Hpe Nimble Storage Af60 All Flash Dual Controller.