HPE Updates
1740Warning Date
Severity Level
Warning Number
Target Sector
12 October, 2021
● High
2021-3659
All
Description:
HPE has released security updates to address a vulnerability in the following products:
- SSL TOOLKIT T2813 Software Product Revisions (SPRs)
- T2813L02 through T2813L02^AAQ
- HP 3PAR StoreServ 10000 Storage 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
- HPE 3PAR StoreServ 20000 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
- HP 3PAR StoreServ 7000 Storage 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
- HPE 3PAR StoreServ 8000 Storage 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
- HPE 3PAR StoreServ 9000 Storage 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
- HPE Primera 600 Storage 4.0.0 to 4.2.8 or 4.0.0 to 4.3.3 - the vulnerability was introduced in 4.0.0
- HPE Alletra 9000 9.3.0 to 9.3.3 or 9.3.0 to 9.4.0 - the vulnerability was introduced in 9.3.0
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Execute arbitrary code -remotely
Best practice and Recommendations:
The CERT team encourages users to review HPE security advisory and apply the necessary updates: