HP StoreVirtual 4000 and StoreVirtual VSA Software < 11.5 Multiple Vulnerabilities

high Nessus Plugin ID 76913

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote HP storage system, running HP StoreVirtual 4000 Storage and StoreVirtual VSA, is version 9.5.x or later but prior to 11.5. It is, therefore, affected by the following vulnerabilities :

- An unspecified information disclosure vulnerability exists that allows a remote attacker to obtain potentially sensitive information via unknown vectors.
(CVE-2014-2605)

- A privilege escalation vulnerability exists that allows an authenticated, remote attacker to gain privileges via unknown vectors. (CVE-2014-2606)

Solution

Upgrade to HP StoreVirtual 4000 Storage and StoreVirtual VSA version 11.5 or higher.

See Also

http://www.nessus.org/u?a83e4c44

Plugin Details

Severity: High

ID: 76913

File Name: hp_vsa_11_5.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 7/30/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:storevirtual_vsa, cpe:/a:hp:storage_management_software

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2014

Vulnerability Publication Date: 7/14/2014

Reference Information

CVE: CVE-2014-2605, CVE-2014-2606

BID: 68538, 68542

HP: HPSBST03039, SSRT101457, emr_na-c04281279