What is the severity of CVE-2022-23703?

CVE-2022-23703 has a severity rating of 7.5, which is considered high.

How can I fix CVE-2022-23703?

To mitigate CVE-2022-23703, it is recommended to apply the necessary security updates provided by HPE for the affected software versions.

Vulnerability/
CVE-2022-23703

high

7.5

12/4/2022

3/8/2024

CVE-2022-23703

Q: What is CVE-2022-23703?

CVE-2022-23703 is a security vulnerability found in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays during software updates.

Q: How does CVE-2022-23703 impact me?

CVE-2022-23703 potentially allows an attacker to intercept and modify network communication for software updates on affected HPE Nimble Storage products.

Q: Which software versions are affected by CVE-2022-23703?

Software versions 5.0.10.100 up to, but excluding, 5.2.1.500, and version 5.3.1.0 of HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays are affected by CVE-2022-23703.

First published: Tue Apr 12 2022(Updated: )

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100

Credit: security-alert@hpe.com

Affected Software	Affected Version	How to fix
Hpe Nimbleos	<5.0.10.100
Hpe Nimbleos	>=5.1.0.0<5.2.1.500
Hpe Nimbleos	=5.3.1.0

Never miss a vulnerability like this again

Reference Links

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04268en_us

Frequently Asked Questions

What is CVE-2022-23703?
CVE-2022-23703 is a security vulnerability found in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays during software updates.
How does CVE-2022-23703 impact me?
CVE-2022-23703 potentially allows an attacker to intercept and modify network communication for software updates on affected HPE Nimble Storage products.
Which software versions are affected by CVE-2022-23703?
Software versions 5.0.10.100 up to, but excluding, 5.2.1.500, and version 5.3.1.0 of HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays are affected by CVE-2022-23703.
What is the severity of CVE-2022-23703?
CVE-2022-23703 has a severity rating of 7.5, which is considered high.
How can I fix CVE-2022-23703?
To mitigate CVE-2022-23703, it is recommended to apply the necessary security updates provided by HPE for the affected software versions.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/references
agent/description
agent/event
agent/first-publish-date
agent/tags
agent/source
vendor/hpe
canonical/hpe nimbleos
version/hpe nimbleos/5.1.0.0
version/hpe nimbleos/5.3.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.