cnvd - cnvd-2020-35392

CNVD-2020-35392

Vulnerability from cnvd - Published: 2020-06-30

Title

HPE Smart Update Manager访问限制绕过漏洞

Description

HPE Smart Update Manager（SUM）是美国惠普企业公司（Hewlett Packard Enterprise，HPE）的一款智能更新管理器。该产品主要用于安装和更新HP ProLiant和HP Integrity服务器、机箱和选件上的固件和软件组件。 HPE Smart Update Manager (SUM) 8.5.6之前版本中存在安全漏洞。远程攻击者可利用该漏洞绕过访问限制。

Severity

高

Patch Name

HPE Smart Update Manager访问限制绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03997en_us

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7136

Impacted products

Name
HPE Smart Update Manager (SUM) <8.5.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7136"
    }
  },
  "description": "HPE Smart Update Manager\uff08SUM\uff09\u662f\u7f8e\u56fd\u60e0\u666e\u4f01\u4e1a\u516c\u53f8\uff08Hewlett Packard Enterprise\uff0cHPE\uff09\u7684\u4e00\u6b3e\u667a\u80fd\u66f4\u65b0\u7ba1\u7406\u5668\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u5b89\u88c5\u548c\u66f4\u65b0HP ProLiant\u548cHP Integrity\u670d\u52a1\u5668\u3001\u673a\u7bb1\u548c\u9009\u4ef6\u4e0a\u7684\u56fa\u4ef6\u548c\u8f6f\u4ef6\u7ec4\u4ef6\u3002\n\nHPE Smart Update Manager (SUM) 8.5.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03997en_us",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-35392",
  "openTime": "2020-06-30",
  "patchDescription": "HPE Smart Update Manager\uff08SUM\uff09\u662f\u7f8e\u56fd\u60e0\u666e\u4f01\u4e1a\u516c\u53f8\uff08Hewlett Packard Enterprise\uff0cHPE\uff09\u7684\u4e00\u6b3e\u667a\u80fd\u66f4\u65b0\u7ba1\u7406\u5668\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u5b89\u88c5\u548c\u66f4\u65b0HP ProLiant\u548cHP Integrity\u670d\u52a1\u5668\u3001\u673a\u7bb1\u548c\u9009\u4ef6\u4e0a\u7684\u56fa\u4ef6\u548c\u8f6f\u4ef6\u7ec4\u4ef6\u3002\r\n\r\nHPE Smart Update Manager (SUM) 8.5.6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HPE Smart Update Manager\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "HPE Smart Update Manager (SUM) \u003c8.5.6"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7136",
  "serverity": "\u9ad8",
  "submitTime": "2020-05-07",
  "title": "HPE Smart Update Manager\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2020-7136 (GCVE-0-2020-7136)

Vulnerability from cvelistv5 – Published: 2020-04-30 19:17 – Updated: 2024-08-04 09:18

Summary

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).

Severity ?

No CVSS data available.

CWE

remote denial of service (dos); remote unauthorized access

Assigner

hpe

References

URL

Tags

https://support.hpe.com/hpsc/doc/public/display?d…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Hewlett Packard Enterprise	Smart Update Manager (SUM)	Affected: Prior to v8.5.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03997en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Smart Update Manager (SUM)",
          "vendor": "Hewlett Packard Enterprise",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to v8.5.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote denial of service (dos); remote unauthorized access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-30T19:17:53",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03997en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2020-7136",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Smart Update Manager (SUM)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to v8.5.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hewlett Packard Enterprise"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote denial of service (dos); remote unauthorized access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03997en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03997en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2020-7136",
    "datePublished": "2020-04-30T19:17:53",
    "dateReserved": "2020-01-16T00:00:00",
    "dateUpdated": "2024-08-04T09:18:03.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-35392

CVE-2020-7136 (GCVE-0-2020-7136)

Tags

Sightings

Nomenclature