Description:

HPE has released security updates to address a vulnerability in the following products:

• SSL TOOLKIT T2813 Software Product Revisions (SPRs)
  • T2813L02 through T2813L02^AAQ
• HP 3PAR StoreServ 10000 Storage 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
• HPE 3PAR StoreServ 20000 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
• HP 3PAR StoreServ 7000 Storage 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
• HPE 3PAR StoreServ 8000 Storage 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
• HPE 3PAR StoreServ 9000 Storage 3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01 - the vulnerability was introduced in 3.3.1 MU1
• HPE Primera 600 Storage 4.0.0 to 4.2.8 or 4.0.0 to 4.3.3 - the vulnerability was introduced in 4.0.0
• HPE Alletra 9000 9.3.0 to 9.3.3 or 9.3.0 to 9.4.0 - the vulnerability was introduced in 9.3.0

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Denial of service attack (DoS)
• Execute arbitrary code -remotely

Best practice and Recommendations:

The CERT team encourages users to review HPE security advisory and apply the necessary updates:

• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04191en_us
• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04202en_us