Hewlett Packard Enterprise Product Security Vulnerability Alerts
​Plundervolt Vulnerability (CVE-2019-11157) in Certain HPE Servers Using Intel Processors
Version 4.0 : Last Updated: October 8, 2020
This website is updated frequently, as new product information becomes available.
On December 10 2019, a group of security researchers released a paper describing an attack nicknamed Plundervolt. The attack is against certain Intel CPUs using a privileged access to change the CPU voltage, which could allow disclosure or modification of code and data protected by intel Software Guard Extensions (SGX). The problem impacts certain HPE servers listed below.
- Resources
- Researcher's Plundervolt Website
- HPE Vulnerability Homepage
- National Vulnerability Database (NVD) Website
- HPE Security Bulletin
- HPE Support Center
|
Usage Instructions and Definitions for CVE Vulnerability Information |
|
|
Data |
Definition |
|
Product Category |
High-level product description. |
|
Product Sub-Category |
Medium-level product description. |
|
Product Name |
Detailed product description. |
|
|
|
|
(Impacted) |
Indicates whether the specific product is affected by the cited vulnerability. |
|
|
|
|
If Impacted - Mitigation or |
Information regarding how to address a vulnerability. |
|
Under Investigation |
|
|
Link(s) to security bulletin (Vendor) |
Link to Vendor's Security Bulletin. |
Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.
|
Product
Category |
Sub
Category |
Product
Name |
Impacted |
Mitigation
and Notes |
Customer
Bulletin |
Security
Bulletin2 |
|
Servers |
ProLiant |
HPE
ProLiant DL20 Gen10 |
Yes |
Update
to System ROM 2.12_12_06_2019. Available on HPE Support Center. |
|
|
|
Servers |
ProLiant |
HPE
ProLiant ML30 Gen10 |
Yes |
Update
to System ROM 2.12_12_06_2019. Available on HPE Support Center. |
|
|
|
Servers |
ProLiant |
HPE
ProLiant m710x Server Blade |
Yes |
Update System ROM 1.82_12-06-2019. |
|
|
|
Storage |
SimpliVity |
HPE
SimpliVity 380 Gen9 Nodes |
No |
Not Vulnerable |
|
|
|
Storage |
SimpliVity |
HPE
SimpliVity 380 Gen10 Nodes |
No |
Not Vulnerable |
|
|
|
Storage |
SimpliVity |
HPE
SimpliVity 2600 Gen10 Nodes |
No |
Not Vulnerable |
|
|
|
Storage |
SimpliVity |
SimpliVity OmniCube |
No |
Not Vulnerable |
|
|
|
Storage |
SimpliVity |
SimpliVity OmniStack for Cisco |
No |
Not Vulnerable |
|
|
|
Storage |
SimpliVity |
SimpliVity OmniStack for Dell |
No |
Not Vulnerable |
|
|
|
Storage |
SimpliVity |
SimpliVity OmniStack for Lenovo |
No |
Not Vulnerable |
|
|
|
Servers |
Synergy |
HPE
OneView |
No |
Not
Vulnerable |
|
|
|
Servers |
Synergy |
HPE
Synergy Composer |
No |
Not
Vulnerable |
|
|
|
Servers |
Synergy |
HPE
Image Streamer |
No |
Not
Vulnerable |
|
|
|
Servers |
OneView |
HPE
OneView Global Dashboard |
No |
Not
Vulnerable |
|
|
|
Servers |
Superdome |
Superdome
Flex Server |
No |
Not
Vulnerable |
|
|
|
NonStop |
NonStop CPUs and CLIMs |
NonStop X systems |
No |
Not
Vulnerable |
|
|
|
NonStop |
NonStop System Console |
NonStop NSC |
No |
Not
Vulnerable |
|
|
|
Storage |
MSA
Storage |
MSA
1040 |
No |
Not
Vulnerable |
|
|
|
Storage |
MSA
Storage |
MSA
2040 |
No |
Not
Vulnerable |
|
|
|
Storage |
MSA
Storage |
MSA
2042 |
No |
Not
Vulnerable |
|
|
|
Storage |
MSA
Storage |
MSA
1050 |
No |
Not
Vulnerable |
|
|
|
Storage |
MSA
Storage |
MSA
2050 |
No |
Not
Vulnerable |
|
|
|
Storage |
MSA
Storage |
MSA
2052 |
No |
Not
Vulnerable |
|
|
|
Storage |
MSA
Storage |
MSA
P2000 G3 |
No |
Not
Vulnerable |
|
|