Multiple vulnerabilities in HPE SANnav Management Software



Published: 2022-06-28 | Updated: 2022-07-31
Risk: High
Patch available: YES
Number of vulnerabilities: 9
CVE-ID: CVE-2022-28167, CVE-2022-28166, CVE-2022-28168, CVE-2019-1559, CVE-2021-23017, CVE-2022-21291, CVE-2022-21305, CVE-2021-2388, CVE-2021-2432
CWE-ID: CWE-311, CWE-321, CWE-327, CWE-193, CWE-20
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #5 is available.
Vulnerable software
HPE SANnav Management Software
Web applications / Other software

Vendor: HPE

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Missing Encryption of Sensitive Data

EUVDB-ID: #VU64655

Risk: Low

CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28167

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because Brocade SANnav logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. A local user with access to log files can view passwords of other users in plain text.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE SANnav Management Software: 2.1.0.0 - 2.2.0.1

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU64656

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28166

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the use of a hard-coded cryptographic key for TLS/SSL communication via ports 443/TCP and 18082/TCP. A remote attacker can intercept and decrypt traffic between client and server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE SANnav Management Software: 2.1.0.0 - 2.2.0.1

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Missing Encryption of Sensitive Data

EUVDB-ID: #VU64653

Risk: Low

CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28168

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because scp-server passwords are stored Base64-encoded rather than encrypted. A local user with access to log files can decode all passwords.
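
A defender-side check for the two credential-exposure issues in this bulletin (plaintext passwords in logs, item 1, and Base64-stored passwords, item 3). This is an added example, not code from HPE, Brocade or this bulletin; the field names, the key=value layout and the sample lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Hypothetical field names and key=value layout; the page does not show the
# real SANnav log or configuration format.
CRED_FIELD = re.compile(r'(?i)\b(password|passwd|pwd|secret)\b\s*[=:]\s*"?([^\s",;]+)')
MASK = "[REDACTED]"

def is_base64_text(value):
    """True if value is strict Base64 that decodes to printable ASCII."""
    if len(value) < 8 or len(value) % 4:
        return False
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return False
    return text.isprintable()

def classify(value):
    """Return None for already-masked values, else how the secret is exposed."""
    if value == MASK or set(value) <= {"*"}:
        return None
    return "base64-encoded" if is_base64_text(value) else "plaintext"

def audit(lines):
    """Return ([(line_no, field, kind)], redacted_lines) for credential fields."""
    findings, cleaned = [], []
    for no, line in enumerate(lines, 1):
        def mask(m, no=no):
            kind = classify(m.group(2))
            if kind is None:
                return m.group(0)
            findings.append((no, m.group(1).lower(), kind))
            return m.group(0)[: m.start(2) - m.start(0)] + MASK
        cleaned.append(CRED_FIELD.sub(mask, line))
    return findings, cleaned

# Constructed sample lines, not real SANnav output.
SAMPLE = [
    "2022-06-01 10:00:01 INFO job=discovery switch=10.0.0.5 user=admin password=Fabric0S!pw",
    '2022-06-01 10:00:02 INFO scp-server host=10.0.0.9 password="U2NwU2VjcmV0MTIz"',
    "2022-06-01 10:00:03 INFO login ok user=admin password=********",
    "2022-06-01 10:00:04 INFO job=backup status=done",
]

if __name__ == "__main__":
    print(audit(SAMPLE)[0])
```

Any credential found this way should be rotated after the vendor update is installed, since redacting a log does not undo earlier exposure.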

Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE SANnav Management Software: 2.1.0.0 - 2.2.0.1

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU17860

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1559

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists because an application behaves differently when it receives a 0-byte record with invalid padding than when it receives a record with an invalid MAC, which results in a padding oracle. A remote attacker can decrypt data.

Successful exploitation of the vulnerability requires that the application is using "non-stitched" ciphersuites and calls SSL_shutdown() twice (first, via a BAD_RECORD_MAC and again via a CLOSE_NOTIFY). 


Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE SANnav Management Software: 2.1.0.0 - 2.2.0.1

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Off-by-one

EUVDB-ID: #VU53543

Risk: High

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-23017

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error within the ngx_resolver_copy() function when processing DNS responses. A remote attacker can trigger an off-by-one error, write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE SANnav Management Software: 2.1.0.0 - 2.2.0.1

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

6) Improper input validation

EUVDB-ID: #VU59719

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21291

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE SANnav Management Software: 2.1.0.0 - 2.2.0.1

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU59720

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21305

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE SANnav Management Software: 2.1.0.0 - 2.2.0.1

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU55057

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2388

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE SANnav Management Software: 2.1.0.0 - 2.2.0.1

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU55059

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2432

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JNDI component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE SANnav Management Software: 2.1.0.0 - 2.2.0.1

External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


