HPE fixed a remote authentication bypass vulnerability in the HPE StoreServ Management Console (SSMC) data center storage management solution.
Hewlett Packard Enterprise (HPE) has addressed a maximum severity (rated 10/10) remote authentication bypass vulnerability, tracked as CVE-2020-7197, affecting the HPE StoreServ Management Console (SSMC) data center storage management solution.
The CVE-2020-7197 flaw is a remote authentication bypass vulnerability that affects HPE 3PAR StoreServ Management and Core Software Media prior to 220.127.116.11.
“HPE StoreServ Management Console 18.104.22.168 is an off node multiarray manager web application and remains isolated from data on the managed arrays. SSMC is vulnerable to remote authentication bypass,” reads the advisory.
The flaw can be exploited by threat actors with no privileges and doesn’t require user interaction.
HPE has addressed the issue with the release of the HPE 3PAR StoreServ Management Console 22.214.171.124.
“This SSMC release includes important security and quality improvement defect fixes that strengthen the security posture of SSMC appliances,” reads the changelog.
Hewlett Packard Enterprise acknowledged the researcher Elwood Buck from MindPoint Group for reporting the flaw.
(SecurityAffairs – hacking, StoreServ Management Console)