critical
10
Advisory Published
Updated

CVE-2021-26588

First published: Mon Oct 11 2021(Updated: )

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.

Credit: security-alert@hpe.com

Affected SoftwareAffected VersionHow to fix
Hpe 3par Os=3.3.1_mp5_p156
Hpe 3par Os=3.3.1_mu1
Hpe 3par Os=3.3.1_mu2_p157
Hpe 3par Os=3.3.2_ga_p_01
Hpe 3par Storeserv 10400
Hpe 3par Storeserv 10800
Hpe 3par Storeserv 20000
Hpe 3par Storeserv 7200c
Hpe 3par Storeserv 7400c
Hpe 3par Storeserv 7440c
Hpe 3par Storeserv 8000
Hpe 3par Storeserv 9000
Hpe Primera 630 Firmware>=4.0.0<=4.3.3
Hpe Primera 630
Hpe Primera 650 Firmware>=4.0.0<=4.3.3
Hpe Primera 650
Hpe Primera 670 Firmware>=4.0.0<=4.3.3
Hpe Primera 670
Hpe Alletra 9060 Firmware>=9.3.0<=9.4.0
Hpe Alletra 9060
Hpe Alletra 9080 Firmware>=9.3.0<=9.4.0
Hpe Alletra 9080

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2021-26588?

    CVE-2021-26588 is a potential security vulnerability identified in HPE 3PAR StoreServ, HPE Primera Storage, and HPE Alletra 9000 Storage array firmware.

  • How does CVE-2021-26588 impact HPE products?

    CVE-2021-26588 allows an unauthenticated user to remotely exploit a low complexity issue and execute code as an administrator, impacting the security of HPE 3PAR StoreServ, HPE Primera Storage, and HPE Alletra 9000 Storage.

  • Which versions of HPE 3PAR StoreServ are affected by CVE-2021-26588?

    Versions 3.3.1_mp5_p156, 3.3.1_mu1, 3.3.1_mu2_p157, and 3.3.2_ga_p_01 of HPE 3PAR StoreServ are affected by CVE-2021-26588.

  • Are the HPE 3PAR StoreServ 10400, 10800, 20000, 7200c, 7400c, 7440c, 8000, and 9000 vulnerable to CVE-2021-26588?

    No, the HPE 3PAR StoreServ 10400, 10800, 20000, 7200c, 7400c, 7440c, 8000, and 9000 are not vulnerable to CVE-2021-26588.

  • Where can I find more information about CVE-2021-26588?

    You can find more information about CVE-2021-26588 on the HPE support website: [link](https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203