Hewlett Packard Enterprise Product Security Vulnerability Alerts

Ripple20 Vulnerability - Multiple Vulnerabilities Affecting the Treck TCP/IP Stack (Multiple CVEs)

Version 5.0 :  Last Updated: August 4, 2020

This website is updated frequently, as new product information becomes available.

On June 16, 2020 JSOF disclosed the Ripple20 vulnerabilities in the Treck TCP/IP stack . HPE is evaluating each vulnerability for applicability to products, and will advise on them as part of the remediation communication.

The CVEs being evaluated by HPE are CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914.

Intel also published the following 4 CVEs related to Ripple20: CVE-2020-0594, CVE-2020-059, CVE-2020-0595, CVE-2020-8674.

HPE continues to investigate this issue and product impact assessment will be updated as more information becomes available.

Disclaimer: One or more of the links above will take you outside the HPE website. HPE is not responsible for content outside of its domain.

Usage Instructions and Definitions for CVE Vulnerability Information

Data

Definition

Product Category

High-level product description.

Product Sub-Category

Medium-level product description.

Product Name

Detailed product description.

 

(Impacted)

Indicates whether the specific product is affected by the cited vulnerability.

 

If Impacted - Mitigation or

Information regarding how to address a vulnerability.

Under Investigation

Link(s) to security bulletin (Vendor)

Link to Vendor's Security Bulletin.

 

Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.

Product Category

Sub Category

Product Name

Impacted (Yes/No/Under Investigation)

Mitigation / Notes

HPE Support Documentation

Other Support Documentation (Vendor/HPE)

HPE OneView

HPE OneView

HPE OneView Appliance

No

 

 

 

HPE OneView

HPE OneView

HPE OneView Composer 1

No

 

 

 

HPE Synergy

Image Streamer

HPE Synergy Image Streamer

No

 

 

 

HPE OneView

OneView Global Dashboard

HPE OneView Global Dashboard

No

 

 

 

Storage

Storage

SimpliVity OmniCube

No

 

 

 

Storage

Storage

SimpliVity OmniStack for Cisco

No

 

 

 

Storage

Storage

SimpliVity OmniStack for Dell

No

 

 

 

Storage

Storage

SimpliVity OmniStack for Lenovo

No

 

 

 

Mission Critical Servers

Superdome

Superdome Flex

No

 

 

 

Networking

Networking

HPE 8200 zl Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

HPE 6600 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

HPE 6200 yl Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 5400 zl

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 3800 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

HPE 3500 and 3500 yl Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2915 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2620 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2615 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 5400R zl2 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 3810M Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2930M Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2930F Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2920 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2540 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2530 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Server Management

HPE Integrated Lights-Out

HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04012

 

Server Management

HPE Integrated Lights-Out

HPE Integrated Lights-Out 2 (iLO 2)

No

 

 

 

Storage

StoreEasy

HPE StoreEasy 1450, 1550, 1650, 1650 Expanded, 1850, and 3850

Yes

Products based on HPE ProLiant Gen10 are impacted due to HPE iLO 5.  Fix is available. Refer to the HPE Security Bulletin for mitigation details.

HPE Security Bulletin hpesbhf04012

 

Storage

3PAR

HPE 3PAR Physical SP

Yes

Physical Service Processors based on HPE ProLiant DL360 Gen10 are impacted due to HPE iLO 5.  Fix is available. Refer to the HPE Security Bulletin for mitigation details.

HPE Security Bulletin hpesbhf04012

 

Storage

StoreVirtual

HPE StoreVirtual 3000 File Controller, and 3PAR StoreServ File Controller v3

Yes

Products based on HPE ProLiant Gen10 are impacted due to HPE iLO 5.  Fix is available. Refer to the HPE Security Bulletin for mitigation details.

HPE Security Bulletin hpesbhf04012

 

NonStop

NonStop

HPE NonStop X NS7 X3 systems, HPE NonStop X NS3 X3 systems

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop X NS7 X2 systems; HPE NonStop X NS3 X2 systems

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop X NS7 X1 systems; HPE NonStop X NS3 X1 systems

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop X NS2 X3 systems

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop X NS2 X2 systems

Yes

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop i BladeSystem NB56000c

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop i NS2400 systems; HPE NonStop i NS2300 systems

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop Virtual Tape Controller (VTC); HPE NonStop Virtual Tape Repository (VTR)

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

NonStop

NonStop

HPE NonStop System Console (NSC)

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012