NimbleOS versions 3.9.2.0 Improper Privilege Management Vulnerability

Summary

Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi-array group configurations.

Credit:

The information has been provided by Vendor

The original article can be found at:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us


Details

The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.

 

Vulnerable Systems:

NimbleOS versions  3.9.2.0 

NimbleOS versions  4.5.5.0

NimbleOS versions  5.0.8.0  

NimbleOS versions  5.1.3.0

 

CVE Information:

CVE-2019-11996

Disclosure Timeline:
Published Date:11/7/2019