CVE-2022-23703 Vulnerability Details

  /     /     /  

CVE-2022-23703 Metadata Quick Info

CVE Published: 12/04/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: hpe | Vendor: n/a | Product: HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays
Status : PUBLISHED

---

CVE-2022-23703 Description

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: remote code execution
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).