CVE-2019-12002 - OpenCVE

A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Hpe	Msa 2040 Msa 2052 Firmware Msa 2042 Msa 2050 Msa 1050 Msa 2042 Firmware Msa 1040 Msa 2052 Msa 1050 Firmware Msa 2050 Firmware Msa 1040 Firmware Msa 2040 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hpe:msa_1040_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:msa_1040:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hpe:msa_2040_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:msa_2040:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hpe:msa_2042_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:msa_2042:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hpe:msa_1050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:msa_1050:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hpe:msa_2050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:msa_2050:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hpe:msa_2052_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hpe:msa_2052:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2020-04-17T13:58:32

Updated: 2020-04-17T13:58:32

Reserved: 2019-05-13T00:00:00

Link: CVE-2019-12002

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-17T14:15:14.410

Modified: 2020-04-28T14:57:33.733

Link: CVE-2019-12002

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage", "vendor": "n/a", "versions": [{"status": "affected", "version": "HPE MSA 1040 SAN Storage GL225P001 and earlier"}, {"status": "affected", "version": "HPE MSA 2040 SAN Storage GL225P001 and earlier"}, {"status": "affected", "version": "HPE MSA 2042 SAN Storage GL225P001 and earlier"}, {"status": "affected", "version": "HPE MSA 1050 SAN Storage VE270R001-01 and earlier"}, {"status": "affected", "version": "HPE MSA 2050 SAN Storage VL270R001-01 and earlier"}, {"status": "affected", "version": "HPE MSA 2052 SAN Storage VL270R001-01 and earlier"}]}], "descriptions": [{"lang": "en", "value": "A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier."}], "problemTypes": [{"descriptions": [{"description": "Remote: Session Reuse", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-17T13:58:32", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2019-12002", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage", "version": {"version_data": [{"version_value": "HPE MSA 1040 SAN Storage GL225P001 and earlier"}, {"version_value": "HPE MSA 2040 SAN Storage GL225P001 and earlier"}, {"version_value": "HPE MSA 2042 SAN Storage GL225P001 and earlier"}, {"version_value": "HPE MSA 1050 SAN Storage VE270R001-01 and earlier"}, {"version_value": "HPE MSA 2050 SAN Storage VL270R001-01 and earlier"}, {"version_value": "HPE MSA 2052 SAN Storage VL270R001-01 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote: Session Reuse"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us", "refsource": "MISC", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us"}]}}}}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2019-12002", "datePublished": "2020-04-17T13:58:32", "dateReserved": "2019-05-13T00:00:00", "dateUpdated": "2020-04-17T13:58:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:msa_1040_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9BC6A1E-CBF9-49A1-9540-12E38C6F8503", "versionEndIncluding": "gl225p001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:msa_1040:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A48B0A7-331A-43F5-9FA9-3D71DE7B635D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:msa_2040_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D64C08AB-1FBB-4390-AC3E-32D19F55D4A0", "versionEndIncluding": "gl225p001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:msa_2040:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA90C555-8597-4082-9C6F-8CCCB0CFF603", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:msa_2042_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D3FF14D-8EEE-4116-9D9B-0840BBCE8C04", "versionEndIncluding": "gl225p001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:msa_2042:-:*:*:*:*:*:*:*", "matchCriteriaId": "34D5BBA3-539D-4F7C-AE0A-B7A1890CBC1E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:msa_1050_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F792461-024C-4D02-8E26-5FC9E4DDF2F0", "versionEndIncluding": "ve270r001-01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:msa_1050:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A9230A0-1740-4B37-936B-34046F9B07C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:msa_2050_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAD11028-F462-47FF-A01D-F7A0539685D6", "versionEndIncluding": "vl270r001-01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:msa_2050:-:*:*:*:*:*:*:*", "matchCriteriaId": "18B281EF-C465-449D-84F6-853A7F511351", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:msa_2052_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "46E456A8-0506-4D4E-A6B6-CF929DB565D7", "versionEndIncluding": "vl270r001-01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:msa_2052:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8A9D844-95F5-447F-8705-67BD34C49418", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de reutilizaci\u00f3n de sesi\u00f3n remota conllevando a una omisi\u00f3n de la restricci\u00f3n de acceso en HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage versiones: GL225P001 y anteriores; GL225P001 y anteriores; VE270R001-01 y anteriores; GL225P001 y anteriores; VL270R001-01 y anteriores; VL270R001-01 y anteriores."}], "id": "CVE-2019-12002", "lastModified": "2020-04-28T14:57:33.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-17T14:15:14.410", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}