CVE-2019-5402

9.4 CRITICAL

📋 TL;DR

A remote authorization bypass vulnerability in HPE 3PAR StoreServ Management and Core Software allows attackers to bypass authentication mechanisms and gain unauthorized access to storage management functions. This affects all systems running versions prior to 3.5.0.1 of the HPE 3PAR StoreServ software.

💻 Affected Systems

Products:
  • HPE 3PAR StoreServ Management and Core Software Media
Versions: All versions prior to 3.5.0.1
Operating Systems: Not OS-specific - affects HPE 3PAR storage systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the management interface of HPE 3PAR storage systems. The vulnerability is in the software itself, not dependent on specific configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of storage infrastructure, allowing attackers to delete, modify, or exfiltrate sensitive data, disrupt storage operations, or use the system as a pivot point to attack other network resources.

🟠

Likely Case

Unauthorized access to storage management functions, potentially leading to data exposure, configuration changes, or service disruption.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to management interfaces.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows remote authorization bypass, suggesting relatively straightforward exploitation once the attack vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.0.1 or later

Vendor Advisory: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03946en_us

Restart Required: Yes

Instructions:

1. Download the 3.5.0.1 or later software update from HPE Support.
2. Follow HPE's documented upgrade procedures for 3PAR StoreServ systems.
3. Apply the update during a maintenance window, as a system restart is required.
4. Verify that the update completed successfully.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to the 3PAR management interface to only trusted administrative networks

Access Control Lists

all

Implement strict firewall rules to limit which IP addresses can access the management interface

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the 3PAR management interface from untrusted networks
  • Monitor all access attempts to the management interface and alert on any unauthorized access patterns

🔍 How to Verify

Check if Vulnerable:

Check the software version via the 3PAR management interface or CLI. If the version is below 3.5.0.1, the system is vulnerable.

Check Version:

Run showversion from the 3PAR CLI, or check System Information in the management GUI.

Verify Fix Applied:

After patching, verify the software version shows 3.5.0.1 or higher and test that authentication mechanisms are functioning properly.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access
  • Unauthorized access to management functions from unexpected IP addresses
  • Configuration changes from unauthenticated or unauthorized users

Network Indicators:

  • Unusual traffic patterns to the management interface
  • Access attempts from non-administrative networks
  • Authentication bypass attempts

SIEM Query:

source="3par*" AND (event_type="auth_failure" OR event_type="config_change") AND src_ip NOT IN (admin_networks)
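As an added illustration (not part of the original page), the query above and the version check from the "How to Verify" section expressed as runnable Python: the event records, the admin network 10.10.5.0/24 and the version strings are constructed assumptions, since the page does not give the real 3PAR log format.

```python
import ipaddress

# Constructed sample events shaped like the SIEM query's fields (source, event_type, src_ip).
# They are illustrative only; the real 3PAR event format is not given on the page.
SAMPLE_EVENTS = [
    {"source": "3par-array01", "event_type": "auth_failure", "src_ip": "10.10.5.23"},
    {"source": "3par-array01", "event_type": "config_change", "src_ip": "10.10.5.23"},
    {"source": "3par-array01", "event_type": "config_change", "src_ip": "192.0.2.77"},
    {"source": "3par-array02", "event_type": "auth_failure", "src_ip": "198.51.100.9"},
    {"source": "3par-array02", "event_type": "auth_success", "src_ip": "198.51.100.9"},
    {"source": "switch-core", "event_type": "config_change", "src_ip": "198.51.100.9"},
]

# Assumed trusted administrative subnet; substitute your own management networks.
ADMIN_NETWORKS = [ipaddress.ip_network("10.10.5.0/24")]
FLAGGED_TYPES = {"auth_failure", "config_change"}
FIXED_VERSION = "3.5.0.1"


def from_admin_network(src_ip, admin_networks=ADMIN_NETWORKS):
    """True when src_ip falls inside one of the trusted admin networks."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in admin_networks)


def flag_events(events, admin_networks=ADMIN_NETWORKS):
    """Apply the page's SIEM query: 3PAR-sourced auth failures or config changes
    whose source IP is not in the admin networks."""
    return [
        ev for ev in events
        if ev["source"].startswith("3par")
        and ev["event_type"] in FLAGGED_TYPES
        and not from_admin_network(ev["src_ip"], admin_networks)
    ]


def parse_version(version):
    """Turn a dotted version such as '3.3.1' into a 4-tuple, padding with zeros."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable_version(version, fixed=FIXED_VERSION):
    """True when the reported 3PAR OS version is below the fixed release."""
    return parse_version(version) < parse_version(fixed)


if __name__ == "__main__":
    for ev in flag_events(SAMPLE_EVENTS):
        print("ALERT", ev)
    print("3.3.1 vulnerable:", is_vulnerable_version("3.3.1"))
```

Feed `is_vulnerable_version` the version string taken from showversion output; shorter strings such as "3.5" are padded so they still compare correctly against 3.5.0.1.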

🔗 References
