Vulnerability Description
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hpe | Nimbleos | >= 3.1.0.0, <= 3.9.3.0 |
| Hpe | Nimble Storage Af20 All Flash Array | - |
| Hpe | Nimble Storage Af20Q All Flash Dual Controller | - |
| Hpe | Nimble Storage Af40 All Flash Dual Controller | - |
| Hpe | Nimble Storage Af60 All Flash Dual Controller | - |
| Hpe | Nimble Storage Af80 All Flash Dual Controller | - |
| Hpe | Nimble Storage Cs3000 | - |
| Hpe | Nimble Storage Cs5000 | - |
| Hpe | Nimble Storage Cs7000 | - |
| Hpe | Nimble Storage Secondary Flash Arrays | - |
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
FAQ
What is CVE-2020-7138?
CVE-2020-7138 is a vulnerability with a CVSS score of 8.8 (HIGH). Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The follo...
How severe is CVE-2020-7138?
CVE-2020-7138 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7138?
Check the references section above for vendor advisories and patch information. Affected products include: Hpe Nimbleos, Hpe Nimble Storage Af20 All Flash Array, Hpe Nimble Storage Af20Q All Flash Dual Controller, Hpe Nimble Storage Af40 All Flash Dual Controller, Hpe Nimble Storage Af60 All Flash Dual Controller.