CVE-2021-26588

CRITICAL

HPE 3PAR, Primera, and Alletra 9000 - Unauthenticated Administrator Code Execution

Title source: manual

Description

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us

Scores

CVSS v3 9.8

EPSS 0.0171

EPSS Percentile 82.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (9)

hpe/3par_os 3.3.1_mp5_p156

hpe/3par_os 3.3.1_mu1

hpe/3par_os 3.3.1_mu2_p157

hpe/3par_os 3.3.2_ga_p_01

hpe/alletra_9060_firmware 9.3.0 - 9.4.0

hpe/alletra_9080_firmware 9.3.0 - 9.4.0

hpe/primera_630_firmware 4.0.0 - 4.3.3

hpe/primera_650_firmware 4.0.0 - 4.3.3

hpe/primera_670_firmware 4.0.0 - 4.3.3

Published Oct 11, 2021

Tracked Since Feb 18, 2026