First published: Fri Apr 17 2020(Updated: )
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Hpe Msa 1040 Firmware | <=gl225p001 | |
HPE MSA 1040 | ||
Hpe Msa 2040 Firmware | <=gl225p001 | |
HPE MSA 2040 | ||
Hpe Msa 2042 Firmware | <=gl225p001 | |
HPE MSA 2042 | ||
Hpe Msa 1050 Firmware | <=ve270r001-01 | |
HPE MSA 1050 | ||
Hpe Msa 2050 Firmware | <=vl270r001-01 | |
HPE MSA 2050 | ||
Hpe Msa 2052 Firmware | <=vl270r001-01 | |
HPE MSA 2052 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-12002 is rated as a high-severity vulnerability due to its potential for remote session reuse and access restriction bypass.
To mitigate CVE-2019-12002, upgrade to firmware version GL225P002 or later for affected HPE MSA Storage models.
CVE-2019-12002 affects HPE MSA 1040, 1050, 2040, 2042, 2050, and 2052 models running specific firmware versions.
The impact of CVE-2019-12002 includes the risk of unauthorized access to sensitive data due to session reuse.
Yes, CVE-2019-12002 can be exploited remotely, allowing attackers to bypass access restrictions.