CVE-2022-28620
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers.
Se ha detectado una vulnerabilidad de omisión de autenticación remota en HPE Cray Legacy Shasta System Solutions versiones; HPE Slingshot; y HPE Cray EX: Antes del firmware del controlador de nodo asociado a HPE Cray EX liquid cooled blades, y todas las versiones del firmware del controlador de chasis asociado a HPE Cray EX liquid cooled cabinets anteriores a 1.6.27/1.5.33/1.4.27; Todas las versiones de Slingshot anteriores a 1.7.2; Todas las versiones del firmware del controlador de nodo asociado a HPE Cray EX liquid cooled blades, y todas las versiones del firmware de HPE Cray EX liquid cooled cabinets anteriores a 1.6.27/1.5.33/1.4.27. HPE ha proporcionado una actualización de software para resolver esta vulnerabilidad en HPE Cray Legacy Shasta System Solutions, HPE Slingshot y HPE Cray EX Supercomputers
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-04 CVE Reserved
- 2022-06-24 CVE Published
- 2024-08-03 CVE Updated
- 2024-09-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hpe Search vendor "Hpe" | Slingshot Firmware Search vendor "Hpe" for product "Slingshot Firmware" | < 1.7.2 Search vendor "Hpe" for product "Slingshot Firmware" and version " < 1.7.2" | - |
Affected
| in | Hpe Search vendor "Hpe" | Slingshot Search vendor "Hpe" for product "Slingshot" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Ex Supercomputers Firmware Search vendor "Hpe" for product "Cray Ex Supercomputers Firmware" | 1.4.27 Search vendor "Hpe" for product "Cray Ex Supercomputers Firmware" and version "1.4.27" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Ex Supercomputers Search vendor "Hpe" for product "Cray Ex Supercomputers" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Ex Supercomputers Firmware Search vendor "Hpe" for product "Cray Ex Supercomputers Firmware" | 1.5.33 Search vendor "Hpe" for product "Cray Ex Supercomputers Firmware" and version "1.5.33" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Ex Supercomputers Search vendor "Hpe" for product "Cray Ex Supercomputers" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Ex Supercomputers Firmware Search vendor "Hpe" for product "Cray Ex Supercomputers Firmware" | 1.6.27 Search vendor "Hpe" for product "Cray Ex Supercomputers Firmware" and version "1.6.27" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Ex Supercomputers Search vendor "Hpe" for product "Cray Ex Supercomputers" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Sh Supercomputer Air Cooled Base System Code Firmware Search vendor "Hpe" for product "Cray Sh Supercomputer Air Cooled Base System Code Firmware" | 1.4.27 Search vendor "Hpe" for product "Cray Sh Supercomputer Air Cooled Base System Code Firmware" and version "1.4.27" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Sh Supercomputer Air Cooled Base System Code Search vendor "Hpe" for product "Cray Sh Supercomputer Air Cooled Base System Code" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Sh Supercomputer Air Cooled Base System Code Firmware Search vendor "Hpe" for product "Cray Sh Supercomputer Air Cooled Base System Code Firmware" | 1.5.33 Search vendor "Hpe" for product "Cray Sh Supercomputer Air Cooled Base System Code Firmware" and version "1.5.33" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Sh Supercomputer Air Cooled Base System Code Search vendor "Hpe" for product "Cray Sh Supercomputer Air Cooled Base System Code" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Sh Supercomputer Air Cooled Base System Code Firmware Search vendor "Hpe" for product "Cray Sh Supercomputer Air Cooled Base System Code Firmware" | 1.6.27 Search vendor "Hpe" for product "Cray Sh Supercomputer Air Cooled Base System Code Firmware" and version "1.6.27" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Sh Supercomputer Air Cooled Base System Code Search vendor "Hpe" for product "Cray Sh Supercomputer Air Cooled Base System Code" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Base System Code Firmware Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Base System Code Firmware" | 1.4.27 Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Base System Code Firmware" and version "1.4.27" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Base System Code Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Base System Code" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Base System Code Firmware Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Base System Code Firmware" | 1.5.33 Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Base System Code Firmware" and version "1.5.33" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Base System Code Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Base System Code" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Base System Code Firmware Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Base System Code Firmware" | 1.6.27 Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Base System Code Firmware" and version "1.6.27" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Base System Code Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Base System Code" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware" | 1.4.27 Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware" and version "1.4.27" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Tds Base System Code Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Tds Base System Code" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware" | 1.5.33 Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware" and version "1.5.33" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Tds Base System Code Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Tds Base System Code" | - | - |
Safe
|
| Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware" | 1.6.27 Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Tds Base System Code Firmware" and version "1.6.27" | - |
Affected
| in | Hpe Search vendor "Hpe" | Cray Sh Supercomputer Liquid Cooled Tds Base System Code Search vendor "Hpe" for product "Cray Sh Supercomputer Liquid Cooled Tds Base System Code" | - | - |
Safe
|