First published: Fri Apr 17 2020(Updated: )
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Hpe Msa 1040 Firmware | <=gl225p001 | |
HPE MSA 1040 | ||
Hpe Msa 2040 Firmware | <=gl225p001 | |
HPE MSA 2040 | ||
Hpe Msa 2042 Firmware | <=gl225p001 | |
HPE MSA 2042 | ||
Hpe Msa 1050 Firmware | <=ve270r001-01 | |
HPE MSA 1050 | ||
Hpe Msa 2050 Firmware | <=vl270r001-01 | |
HPE MSA 2050 | ||
Hpe Msa 2052 Firmware | <=vl270r001-01 | |
HPE MSA 2052 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-12001 has been classified as a medium severity vulnerability.
To mitigate CVE-2019-12001, upgrade to firmware versions newer than GL225P001 for HPE MSA 1040, 2040, 1050, 2042, 2050, and 2052.
CVE-2019-12001 affects HPE MSA 1040, 2040, 1050, 2042, 2050, and 2052 SAN Storage with specific firmware versions.
Yes, CVE-2019-12001 allows for remote session reuse, potentially enabling unauthorized access.
There are no specific workarounds for CVE-2019-12001; updating to a secure firmware version is necessary.