Strix
26.1K

CVE-2020-7131

CRITICALCVSS 9/10EPSS 1.14%

Last modified

CVE-2020-7131 is a critical-severity vulnerability rated 9/10 on the CVSS scale. This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. EPSS estimates a 1.14% chance of exploitation in the next 30 days.

Description

This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). These SPRs are also usable with the following RVUs: * J06.19.00 ? J06.23.01. No fix planned for the following RVUs: J06.04.00 ? J06.18.01. No fix planned for H-Series NonStop systems. No fix planned for the product T2805 (Maintenance Entity).

Metrics

CVSS 3.1
9/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

EPSS Probability
1.14%

62.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HpBlade Maintenance Entity>= t4805a01, <= t4805a01\^aay
HpIntegrated Maintenance Entity>= t2805a01, <= t2805a01\^aau
HpMaintenance Entity>= t1805a01, <= t1805a01\^aah

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-7131?
This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). These SPRs are also usable with the following RVUs: * J06.19.00 ? J06.23.01. No fix planned for the following RVUs: J06.04.00 ? J06.18.01. No fix planned for H-Series NonStop systems. No fix planned for the product T2805 (Maintenance Entity).
How severe is CVE-2020-7131?
CVE-2020-7131 has a CVSS score of 9/10 (CRITICAL severity). The EPSS model estimates a 1.14% probability of exploitation in the next 30 days.
How do I fix CVE-2020-7131?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-7131?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST