CVE-2017-8960

9.8 CRITICAL

📋 TL;DR

This authentication bypass vulnerability in HPE MSA storage systems allows attackers to gain unauthorized access without valid credentials. It affects HPE MSA 1040 and MSA 2040 SAN Storage systems running vulnerable firmware versions. Attackers could potentially access sensitive storage management functions and data.

💻 Affected Systems

Products:
  • HPE MSA 1040 SAN Storage
  • HPE MSA 2040 SAN Storage
Versions: GL220P008 and earlier
Operating Systems: Storage controller firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the storage management interface of these SAN systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of storage system allowing data theft, destruction, or ransomware deployment across connected systems.

🟠 Likely Case

Unauthorized access to storage management interface leading to data exposure, configuration changes, or denial of service.

🟢 If Mitigated

Limited impact if systems are isolated, monitored, and have additional authentication layers.

🌐 Internet-Facing: HIGH - Directly accessible systems are immediately vulnerable to exploitation.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Authentication bypass vulnerabilities typically have low exploitation complexity once the method is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GL220P009 or later

Vendor Advisory: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us

Restart Required: Yes

Instructions:

  1. Download firmware update GL220P009 or later from HPE support portal.
  2. Backup current configuration.
  3. Apply firmware update through storage management interface.
  4. Reboot storage controllers as required by update process.

🔧 Temporary Workarounds

Network isolation

Restrict access to storage management interfaces to trusted networks only

Access control lists

Implement strict firewall rules limiting source IP addresses that can access management interfaces

🧯 If You Can't Patch

  • Isolate storage management interfaces from untrusted networks and internet
  • Implement additional authentication layers (VPN, jump hosts) for management access

🔍 How to Verify

Check if Vulnerable:

Check firmware version in storage management interface under System Information

Check Version:

No CLI command - check via web management interface at System > Information

Verify Fix Applied:

Confirm firmware version is GL220P009 or later in System Information

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to management interface
  • Authentication bypass patterns in web server logs
  • Unexpected configuration changes

Network Indicators:

  • Unusual traffic patterns to storage management ports (typically 80/443)
  • Access from unexpected source IPs

SIEM Query:

source_ip NOT IN (trusted_management_ips) AND dest_port IN (80,443) AND dest_ip IN (storage_systems)
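
The SIEM condition above can be run offline against exported flow records. The Python sketch below is an added example, not code from HPE or from this advisory. The trusted management network, the storage controller addresses, and the record format `timestamp src_ip dst_ip dst_port` are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (constructed for this example, not taken from the advisory):
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.20.30.0/28")]  # admin jump hosts
STORAGE_MGMT_IPS = {ipaddress.ip_address("10.50.0.11"),
                    ipaddress.ip_address("10.50.0.12")}      # MSA controllers
MGMT_PORTS = {80, 443}                                       # ports named on this page

# Constructed flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2024-01-01T10:00:00Z 10.20.30.5 10.50.0.11 443
2024-01-01T10:00:07Z 10.99.4.17 10.50.0.11 443
2024-01-01T10:01:12Z 10.99.4.17 10.50.0.12 80
2024-01-01T10:02:30Z 10.99.4.17 10.50.0.11 3260
2024-01-01T10:03:00Z 10.99.4.17 10.60.0.9 443
malformed line
"""

def parse_flow(line):
    """Return (ts, src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, dst, port = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
    except ValueError:
        return None

def is_trusted(src):
    """True when the source address falls inside a trusted management network."""
    return any(src in net for net in TRUSTED_MGMT_NETS)

def untrusted_mgmt_access(text):
    """Flows to a storage management port from outside the trusted networks."""
    hits = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip records that cannot be parsed instead of failing
        ts, src, dst, port = flow
        if dst in STORAGE_MGMT_IPS and port in MGMT_PORTS and not is_trusted(src):
            hits.append((ts, str(src), str(dst), port))
    return hits

if __name__ == "__main__":
    for hit in untrusted_mgmt_access(SAMPLE_FLOWS):
        print("ALERT", *hit)
```

Matching on CIDR membership rather than a flat IP list keeps the allowlist aligned with the firewall rules used for the workarounds above.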
