HPE fixes critical flaw in 3PAR service processor allowing authentication bypass
Take action: If you are running 3PAR storage systems, make sure your 3PAR service processor is accessible only from a trusted network. Then patch ASAP.
Hewlett Packard Enterprise (HPE) has fixed a critical security vulnerability in its 3PAR Service Processor software, which is integral to the operation of HPE 3PAR StoreServ Storage systems.
The flaw, tracked as CVE-2024-22442 (CVSS score 9.8), permits remote attackers to bypass authentication mechanisms. The vulnerability is in the Service Processor, a component responsible for data collection and transmission for monitoring and analysis by HPE. Successful exploitation would give attackers unauthorized access to the Service Processor, potentially compromising the integrity, confidentiality, and availability of data managed by the HPE 3PAR StoreServ Storage systems.
If exploited, this vulnerability could lead to:
- Unauthorized access to sensitive data.
- Unauthorized modifications to the storage systems.
- Disruption of storage operations.
HPE has released a patched version of the Service Processor software, version 5.1.2. Organizations using affected versions should upgrade to version 5.1.2 immediately to mitigate the risk of exploitation.