Description
A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037762
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95970
Scores
CVSS v3
7.6
EPSS
0.0200
EPSS Percentile
83.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Details
CWE
CWE-284
Status
published
Products (1)
hp/lefthand
< 12.5
Published
Feb 15, 2018
Tracked Since
Feb 18, 2026