Hpe: Security Vulnerabilities
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.
CVSS Score
6.6
EPSS Score
0.003
Published
2023-08-29
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS Score
4.5
EPSS Score
0.002
Published
2023-08-29
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
CVSS Score
8.8
EPSS Score
0.011
Published
2023-08-01
The vulnerability could be locally exploited to allow escalation of privilege.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-18
A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-16
The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-16
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
CVSS Score
5.5
EPSS Score
0.001
Published
2023-04-25
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials
CVSS Score
5.5
EPSS Score
0.001
Published
2023-04-14
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.
CVSS Score
8.3
EPSS Score
0.002
Published
2023-03-22
Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-03-22