CVE-2020-7138
First published: Tue May 19 2020(Updated: )
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hpe Nimbleos | >=3.1.0.0<=3.9.3.0 | |
| Hpe Nimbleos | >=4.1.0.0<=4.5.6.0 | |
| Hpe Nimbleos | >=5.0.1.0<=5.0.9.0 | |
| Hpe Nimbleos | >=5.1.0.0<=5.1.4.100 | |
| Hpe Nimble Storage Af20 All Flash Array | ||
| Hpe Nimble Storage Af20q All Flash Dual Controller | ||
| Hpe Nimble Storage Af40 All Flash Dual Controller | ||
| Hpe Nimble Storage Af60 All Flash Dual Controller | ||
| Hpe Nimble Storage Af80 All Flash Dual Controller | ||
| Hpe Nimble Storage Cs3000 | ||
| Hpe Nimble Storage Cs5000 | ||
| Hpe Nimble Storage Cs7000 | ||
| HPE Nimble Storage Secondary Flash Arrays |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7138?
CVE-2020-7138 is a potential remote code execution security vulnerability identified in HPE Nimble Storage systems.
How can an attacker exploit CVE-2020-7138?
An attacker can exploit CVE-2020-7138 to gain elevated privileges on the affected HPE Nimble Storage system.
Which versions of NimbleOS are affected by CVE-2020-7138?
NimbleOS versions 3.1.0.0 through 3.9.3.0, 4.1.0.0 through 4.5.6.0, 5.0.1.0 through 5.0.9.0, and 5.1.0.0 through 5.1.4.100 are affected by CVE-2020-7138.
What is the severity of CVE-2020-7138?
CVE-2020-7138 has a severity rating of 8.8 (high).
How can I fix CVE-2020-7138?
To fix CVE-2020-7138, upgrade to the latest NimbleOS version that contains the software fix for this vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hpe
- canonical/hpe nimbleos
- version/hpe nimbleos/3.1.0.0
- version/hpe nimbleos/3.9.3.0
- version/hpe nimbleos/4.1.0.0
- version/hpe nimbleos/4.5.6.0
- version/hpe nimbleos/5.0.1.0
- version/hpe nimbleos/5.0.9.0
- version/hpe nimbleos/5.1.0.0
- version/hpe nimbleos/5.1.4.100
- canonical/hpe nimble storage af20 all flash array
- canonical/hpe nimble storage af20q all flash dual controller
- canonical/hpe nimble storage af40 all flash dual controller
- canonical/hpe nimble storage af60 all flash dual controller
- canonical/hpe nimble storage af80 all flash dual controller
- canonical/hpe nimble storage cs3000
- canonical/hpe nimble storage cs5000
- canonical/hpe nimble storage cs7000
- canonical/hpe nimble storage secondary flash arrays