Superdome Flex Server Firmware
CVE-2022-23702
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later.
AnalysisAI
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later. Affected products include: Hpe Superdome Flex Server Firmware, Hpe Superdome Flex 280 Server Firmware. Version information: Version 3.50.58.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Rated medium severity (
A potential security vulnerability has been identified in HPE Superdome Flex server. Rated medium severity (CVSS 6.5), t
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today