CVE-2021-26588
published 2021-10-11CVE-2021-26588: A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.75%
75.1th percentile
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hpe | 3par_os | — | — |
| hpe | 3par_os | — | — |
| hpe | 3par_os | — | — |
| hpe | 3par_os | — | — |
| hpe | alletra_9060_firmware | 9.3.0 – 9.4.0 | — |
| hpe | alletra_9080_firmware | 9.3.0 – 9.4.0 | — |
| hpe | primera_630_firmware | 4.0.0 – 4.3.3 | — |
| hpe | primera_650_firmware | 4.0.0 – 4.3.3 | — |
| hpe | primera_670_firmware | 4.0.0 – 4.3.3 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-11
Published