PT-2022-10: Local Authentication Restriction Bypass in HPE OneView

HIGH

(8.5) CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Check your traffic-for free

Vulnerability vector:

Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity (CVSSv3.1): 7.8 (high)
Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Severity (CVSSv4.0): 8.5 (high)

Description:

The vulnerability was identified in HPE OneView versions before 6.6.

The discovered vulnerability allows an attaker to bypass local authentication restriction.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 29.03.2022

Recommendations:

Additional information: Security Bulletin

Researcher: Nikita Abramov (Positive Technologies)

Identifier:

CVE-2022-23699

BDU:2022-05032

Vendor:

HP Inc.

Vulnerable product:

HPE OneView

Vulnerable version:

prior to 6.6

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Request a pilot

Test drive our solutions with a customized pilot program.