Cyber Resilience

CVE-2021-26588

Critical

Published: 11 October 2021

Published
11 October 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0171 82.7th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-26588 is a critical-severity an unspecified weakness vulnerability in Hpe 3Par Os. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 17.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely…

more

the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

hpe
3par os
3.3.1_mp5_p156, 3.3.1_mu1, 3.3.1_mu2_p157, 3.3.2_ga_p_01
hpe
primera 630 firmware
4.0.0 — 4.3.3
hpe
primera 650 firmware
4.0.0 — 4.3.3
hpe
primera 670 firmware
4.0.0 — 4.3.3
hpe
alletra 9060 firmware
9.3.0 — 9.4.0
hpe
alletra 9080 firmware
9.3.0 — 9.4.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References