Hewlett Packard Enterprise (HPE) has fixed a maximum severity remote authentication bypass vulnerability that affects the company's HPE StoreServ Management Console (SSMC) data center management solution.
Severity score 10/10
Vulnerability to bypass remote control identity referred to as CVE-2020-7197 and affects HP 3PAR StoreServ Management and Core Software Media prior to version 18.104.22.168.
CVE-2020-7197 was assessed by the IPE as a maximum severity vulnerability (10/10) that allows threatening factors without the privilege of exploiting it as part of low-complexity attacks that do not require interaction to users.
To mitigate the defect, HPE recommends upgrading the HPE 3PAR StoreServ (SSMC) management console to version 22.214.171.124 or later.
“This SSMC version includes major security bug fixes and enhancements quality which strengthen the security attitude of SSMC devices ", says the changelog.
The critical SSMC vulnerability was identified and reported by Elwood Buck of the MindPoint Group, according to the US security advisory.