critical
9.4
Advisory Published
Updated

CVE-2019-11993

First published: Fri Jan 03 2020(Updated: )

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.

Credit: security-alert@hpe.com

Affected SoftwareAffected VersionHow to fix
Hp Simplivity 380 Gen9 Firmware>=3.6.2<=3.7.9
Hp Simplivity 380 Gen9
Hp Simplivity 380 Gen10 G Firmware>=3.7.8<=3.7.9
Hp Simplivity 380 Gen10 G
Hp Simplivity 380 Gen10 Firmware>=3.7.1<=3.7.9
Hp Simplivity 380 Gen10
Hp Simplivity 2600 Gen10 Firmware>=3.7.5<=3.7.9
Hp Simplivity 2600 Gen10
Hp Simplivity Omnicube Firmware>=3.0.8<=3.7.9
Hp Simplivity Omnicube
Hp Simplivity Omnistack For Dell Firmware>=3.0.8<=3.7.9
Hp Simplivity Omnistack For Dell
Hp Simplivity Omnistack For Cisco Firmware>=3.0.8<=3.7.9
Hp Simplivity Omnistack For Cisco
Hp Simplivity Omnistack For Lenovo Firmware>=3.0.8<=3.7.9
Hp Simplivity Omnistack For Lenovo

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2019-11993?

    CVE-2019-11993 is a security vulnerability that has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo, and SimpliVity OmniStack for Dell nodes.

  • What software is affected by CVE-2019-11993?

    The software affected by CVE-2019-11993 includes HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo, and SimpliVity OmniStack for Dell.

  • What is the severity of CVE-2019-11993?

    CVE-2019-11993 has a severity rating of 7.5 (Critical).

  • How can I fix CVE-2019-11993?

    To fix CVE-2019-11993, it is recommended to update to HPE SimpliVity firmware versions 3.7.9, 3.7.8, 3.7.1, 3.7.5, or 3.0.8, depending on your specific software version.

  • Where can I find more information about CVE-2019-11993?

    You can find more information about CVE-2019-11993 on the HPE support website.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203